Authentication and fraud prevention in provisioning a mobile wallet

ABSTRACT

A method including receiving an inquiry from a provider to authenticate a provisioning of an account to a mobile wallet. The method also can include determining device ownership information for a mobile device that operates the mobile wallet, account ownership information for the account, device risk information associated with the mobile device, and account risk information associated with the account. The method additionally can include determining an ownership correlation between the device ownership information and the account ownership information. The method further can include generating a fraud risk level by applying business rules and one or more statistical modeling techniques. The method additionally can include providing a response to the provider based on the fraud risk level. Other embodiments are provided.

CROSS-REFERENCE TO RELATED APPLICATIONS

This application claims the benefit of U.S. Provisional Application No. 62/396,684, filed Sep. 19, 2016. U.S. Provisional Application No. 62/396,684 is incorporated herein by reference in its entirety.

TECHNICAL FIELD

This disclosure relates generally to financial transaction processing, and relates more particularly to authentication and fraud prevention in provisioning a mobile wallet.

BACKGROUND

A mobile wallet is a service that allows a user of a mobile device to send and/or receive money using the mobile device. The mobile wallet typically includes an application that resides on the mobile device and communicates with a mobile wallet provider. To setup the mobile wallet, the user of the mobile device generally adds one or more underlying accounts, such as checking accounts, savings accounts, credit card accounts, or debit card accounts, to the mobile wallet by uploading the account information to the mobile wallet provider. The process of uploading the underlying account to the mobile wallet provider to allow for future transactions in which the mobile wallet uses the underlying account is referred to as “provisioning.” After the account has been provisioned to the mobile wallet, the mobile wallet can perform secure financial transactions, typically using tokenized information, such that the underlying account information is not transferred between transacting parties.

BRIEF DESCRIPTION OF THE DRAWINGS

To facilitate further description of the embodiments, the following drawings are provided in which:

FIG. 1 illustrates a block diagram of a system that can be employed for provisioning an account to a mobile wallet;

FIG. 2 illustrates a flow chart for a method, according to an embodiment;

FIG. 3 illustrates a flow chart of a block of the method of FIG. 2 of determining device ownership information for a mobile device that operates the mobile wallet, account ownership information for the account, device risk information associated with the mobile device, and account risk information associated with the account, according to an embodiment;

FIG. 4 illustrates a block diagram of a risk determination system of FIG. 1 that can be employed for facilitating a risk determination as part of provisioning an account to the mobile wallet of FIG. 1, according to an embodiment;

FIG. 5 illustrates an exemplary user interface display to allow the user of FIG. 1 to request associating an account with the mobile wallet of FIG. 1 on the mobile device of FIG. 1, according to an embodiment;

FIG. 6 illustrates an exemplary user interface display to display to the user of FIG. 1 the results of the provisioning request initiated using the user interface display of FIG. 5, according to an embodiment;

FIG. 7 illustrates a flow chart for a method, according to an embodiment;

FIG. 8 illustrates a block diagram the mobile wallet provider of FIG. 1 that can be employed for facilitating a risk determination as part of provisioning an account to the mobile wallet of FIG. 1, according to an embodiment;

FIG. 9 illustrates a flow chart for a method, according to an embodiment;

FIG. 10 illustrates a block diagram of the token service provider of FIG. 1 that can be employed for facilitating a risk determination as part of provisioning an account to the mobile wallet of FIG. 1, according to an embodiment;

FIG. 11 illustrates a computer that is suitable for implementing an embodiment of the systems shown in FIG. 1; and

FIG. 12 illustrates a representative block diagram of an example of elements included in circuit boards inside a chassis of the computer of FIG. 12.

For simplicity and clarity of illustration, the drawing figures illustrate the general manner of construction, and descriptions and details of well-known features and techniques may be omitted to avoid unnecessarily obscuring the present disclosure. Additionally, elements in the drawing figures are not necessarily drawn to scale. For example, the dimensions of some of the elements in the figures may be exaggerated relative to other elements to help improve understanding of embodiments of the present disclosure. The same reference numerals in different figures denote the same elements.

The terms “first,” “second,” “third,” “fourth,” and the like in the description and in the claims, if any, are used for distinguishing between similar elements and not necessarily for describing a particular sequential or chronological order. It is to be understood that the terms so used are interchangeable under appropriate circumstances such that the embodiments described herein are, for example, capable of operation in sequences other than those illustrated or otherwise described herein. Furthermore, the terms “include,” and “have,” and any variations thereof, are intended to cover a non-exclusive inclusion, such that a process, method, system, article, device, or apparatus that comprises a list of elements is not necessarily limited to those elements, but may include other elements not expressly listed or inherent to such process, method, system, article, device, or apparatus.

The terms “left,” “right,” “front,” “back,” “top,” “bottom,” “over,” “under,” and the like in the description and in the claims, if any, are used for descriptive purposes and not necessarily for describing permanent relative positions. It is to be understood that the terms so used are interchangeable under appropriate circumstances such that the embodiments of the apparatus, methods, and/or articles of manufacture described herein are, for example, capable of operation in other orientations than those illustrated or otherwise described herein.

The terms “couple,” “coupled,” “couples,” “coupling,” and the like should be broadly understood and refer to connecting two or more elements mechanically and/or otherwise. Two or more electrical elements may be electrically coupled together, but not be mechanically or otherwise coupled together. Coupling may be for any length of time, e.g., permanent or semi-permanent or only for an instant. “Electrical coupling” and the like should be broadly understood and include electrical coupling of all types. The absence of the word “removably,” “removable,” and the like near the word “coupled,” and the like does not mean that the coupling, etc. in question is or is not removable.

As defined herein, two or more elements are “integral” if they are comprised of the same piece of material. As defined herein, two or more elements are “non-integral” if each is comprised of a different piece of material.

As defined herein, “approximately” can, in some embodiments, mean within plus or minus ten percent of the stated value. In other embodiments, “approximately” can mean within plus or minus five percent of the stated value. In further embodiments, “approximately” can mean within plus or minus three percent of the stated value. In yet other embodiments, “approximately” can mean within plus or minus one percent of the stated value.

As defined herein, “real-time” can, in some embodiments, be defined with respect to operations carried out as soon as practically possible upon occurrence of a triggering event. A triggering event can include receipt of data necessary to execute a task or to otherwise process information. Because of delays inherent in transmission and/or in computing speeds, the term “real-time” encompasses operations that occur in “near” real-time or somewhat delayed from a triggering event. In a number of embodiments, “real-time” can mean real-time less a time delay for processing (e.g., determining) and/or transmitting data. The particular time delay can vary depending on the type and/or amount of the data, the processing speeds of the hardware, the transmission capability of the communication hardware, the transmission distance, etc. However, in many embodiments, the time delay can be less than approximately one second, five seconds, ten seconds, thirty seconds, one minute, two minutes, or five minutes.

DESCRIPTION OF EXAMPLES OF EMBODIMENTS

Various embodiments include a system. The system can include one or more processors in data communication through a network with a provider and one or more non-transitory computer-readable media storing computing instructions configured to run on the one or more processors and perform certain acts. The acts can include receiving an inquiry from the provider to authenticate a provisioning of an account to a mobile wallet. The inquiry can include: account information about the account, and device information about a mobile device that operates the mobile wallet. The acts also can include determining device ownership information for the mobile device, account ownership information for the account, device risk information associated with the mobile device, and account risk information associated with the account. The acts additionally can include determining an ownership correlation between the device ownership information and the account ownership information. The acts further can include generating a fraud risk level by applying business rules and one or more statistical modeling techniques to at least a portion of the ownership correlation, the device risk information, and the account risk information. The business rules can define one or more fraud risks based on at least a portion of the ownership correlation, the device risk information, and the account risk information. The acts additionally can include providing a response to the provider based on the fraud risk level, such that the provider sends to the mobile device information about the provisioning of the account to the mobile wallet, and such that the mobile wallet updates a user interface display on the mobile device based on the information about the provisioning of the account to the mobile wallet.

A number of embodiments include a method. The method can be implemented via execution of computer instructions configured to run at one or more processors and configured to be stored at one or more non-computer-readable media. The method can include receiving an inquiry from a provider to authenticate a provisioning of an account to a mobile wallet. The inquiry can include: account information about the account, and device information about a mobile device that operates the mobile wallet. The method also can include determining device ownership information for the mobile device, account ownership information for the account, device risk information associated with the mobile device, and account risk information associated with the account. The method additionally can include determining an ownership correlation between the device ownership information and the account ownership information. The method further can include generating a fraud risk level by applying business rules and one or more statistical modeling techniques to at least a portion of the ownership correlation, the device risk information, and the account risk information. The business rules can define one or more fraud risks based on at least a portion of the ownership correlation, the device risk information, and the account risk information. The method additionally can include providing a response to the provider based on the fraud risk level, such that the provider sends to the mobile device information about the provisioning of the account to the mobile wallet, and such that the mobile wallet updates a user interface display on the mobile device based on the information about the provisioning of the account to the mobile wallet.

Additional embodiments include a system. The system can include one or more processors in data communication through a network with a provider and one or more non-transitory computer-readable media storing computing instructions configured to run on the one or more processors and perform certain acts. The acts can include receiving a request from a mobile wallet operating on the mobile device to perform a provisioning of an account to the mobile wallet. The acts also can include generating account information about the account. The acts additionally can include generating device information about the mobile device. The acts further can include sending an inquiry to the risk determination system to authenticate the provisioning of the account to the mobile wallet. The inquiry can include the account information and the device information. The risk determination system can generate a fraud risk level by applying business rules and one or more statistical modeling techniques to at least a portion of: (a) an ownership correlation between device ownership information for the mobile device and account ownership information for the account, (b) device risk information associated with the mobile device, and (c) account risk information associated with the account. The business rules can define one or more fraud risks based on at least a portion of the ownership correlation, the device risk information, and the account risk information. The acts additionally can include receiving from the risk determination system a first response based on the fraud risk level. The acts further can include determining whether to proceed with the provisioning of the account to the mobile wallet or to perform an additional verification based at least in part on the first response received from the risk determination system. The acts additionally can include sending a second response to the mobile wallet in response to the request to perform the provisioning of the account to the mobile wallet, such that the mobile wallet updates a user interface display on the mobile device based on the second response to display information about the provisioning of the account to the mobile wallet.

Further embodiments include a method. The method can be implemented via execution of computer instructions configured to run at one or more processors and configured to be stored at one or more non-computer-readable media. The method can include receiving a request from a mobile wallet operating on a mobile device to perform a provisioning of an account to the mobile wallet. The method also can include generating account information about the account. The method additionally can include generating device information about the mobile device. The method further can include sending an inquiry to a risk determination system to authenticate the provisioning of the account to the mobile wallet. The inquiry can include the account information and the device information. The risk determination system can generate a fraud risk level by applying business rules and one or more statistical modeling techniques to at least a portion of: (a) an ownership correlation between device ownership information for the mobile device and account ownership information for the account, (b) device risk information associated with the mobile device, and (c) account risk information associated with the account. The business rules can define one or more fraud risks based on at least a portion of the ownership correlation, the device risk information, and the account risk information. The method additionally can include receiving from the risk determination system a first response based on the fraud risk level. The method further can include determining whether to proceed with the provisioning of the account to the mobile wallet or to perform an additional verification based at least in part on the first response received from the risk determination system. The method additionally can include sending a second response to the mobile wallet in response to the request to perform the provisioning of the account to the mobile wallet, such that the mobile wallet updates a user interface display on the mobile device based on the second response to display information about the provisioning of the account to the mobile wallet.

Additional embodiments include a system. The system can include one or more processors in data communication through a network with a provider and one or more non-transitory computer-readable media storing computing instructions configured to run on the one or more processors and perform certain acts. The acts can include receiving a request from the provider to perform a provisioning of an account to a mobile wallet operating on a mobile device. The acts also can include sending an inquiry to the risk determination system to authenticate the provisioning of the account to the mobile wallet. The inquiry can include account information about the account and device information about the mobile device. The risk determination system can generate a fraud risk level by applying business rules and one or more statistical modeling techniques to at least a portion of: (a) an ownership correlation between device ownership information for the mobile device and account ownership information for the account, (b) device risk information associated with the mobile device, and (c) account risk information associated with the account. The business rules can define one or more fraud risks based on at least a portion of the ownership correlation, the device risk information, and the account risk information. The acts additionally can include receiving from the risk determination system a response based on the fraud risk level. The acts further can include determining whether to proceed with the provisioning of the account to the mobile wallet based at least in part on the response received from the risk determination system. The acts additionally can include providing a token to the provider in response to the request to perform the provisioning of the account to the mobile wallet when the fraud risk level is below a predetermined threshold, such that the provider sends to the mobile device information about the provisioning of the account to the mobile wallet, and such that the mobile wallet updates a user interface display on the mobile device based on the information about the provisioning of the account to the mobile wallet. The token can be linked to the account.

Further embodiments include a method. The method can be implemented via execution of computer instructions configured to run at one or more processors and configured to be stored at one or more non-computer-readable media. The method can include receiving a request from a provider to perform a provisioning of an account to a mobile wallet operating on a mobile device. The method also can include sending an inquiry to a risk determination system to authenticate the provisioning of the account to the mobile wallet. The inquiry can include account information about the account and device information about the mobile device. The risk determination system can generate a fraud risk level by applying business rules and one or more statistical modeling techniques to at least a portion of: (a) an ownership correlation between device ownership information for the mobile device and account ownership information for the account, (b) device risk information associated with the mobile device, and (c) account risk information associated with the account. The business rules can define one or more fraud risks based on at least a portion of the ownership correlation, the device risk information, and the account risk information. The method additionally can include receiving from the risk determination system a response based on the fraud risk level. The method further can include determining whether to proceed with the provisioning of the account to the mobile wallet based at least in part on the response received from the risk determination system. The method additionally can include providing a token to the provider in response to the request to perform the provisioning of the account to the mobile wallet when the fraud risk level is below a predetermined threshold, such that the provider sends to the mobile device information about the provisioning of the account to the mobile wallet, and such that the mobile wallet updates a user interface display on the mobile device based on the information about the provisioning of the account to the mobile wallet. The token can be linked to the account.

Turning to the drawings, FIG. 1 illustrates a block diagram of a system 100 that can be employed for provisioning an account to a mobile wallet. System 100 is merely exemplary, and embodiments of the system are not limited to the embodiments presented herein. The system can be employed in many different embodiments or examples not specifically depicted or described herein. In some embodiments, certain elements or modules of system 100 can perform various procedures, processes, and/or activities. In other embodiments, the procedures, processes, and/or activities can be performed by other suitable elements or modules of system 100.

In some embodiments, system 100 can include one or more mobile devices, such as mobile device 120; one or more mobile wallet providers, such as mobile wallet provider 130; one or more mobile network operators, such as mobile network operator 140; one or more token service providers, such as token service provider 150; one or more financial institutions, such as financial institution 160; and/or a risk determination system 170. In a number of embodiments, each of the mobile devices, mobile wallet providers, mobile network operators, token service providers, financial institutions, and the risk determination system can include a computer system, such as computer system 1100, as shown in FIG. 11 and described below, and can be a single computer, a single server, or a cluster or collection of computers or servers, or a cloud of computers or servers. In many embodiments, various components (e.g., 120, 130, 140, 150, 160, 170) of system 100 can be in data communication with various other components (e.g., 110, 120, 130, 140, 150, 160) of system 100, such as through one or more networks. The networks can be the Internet and/or other suitable data communication networks.

In a number of embodiments, mobile device 120 can be used by a user 110 to initiate provisioning of an account to mobile wallet 121 residing on mobile device 120. In various embodiments, mobile device 120 can run a mobile application, such as a mobile wallet 121, to allow user 110 of mobile device 120 to send and/or receive money using mobile device 120. Mobile wallet 121 can be an application that resides on mobile device 120 and communicates with mobile wallet provider 130.

In several embodiments, to setup mobile wallet 121, user 110 of mobile device 120 can add one or more underlying accounts, such as checking accounts, savings accounts, credit card accounts, or debit card accounts, to mobile wallet 121 by uploading account information (e.g., card number, account number, etc.) for the one or more accounts through mobile wallet 121 to mobile wallet provider 130. The process of uploading an underlying account to mobile wallet provider 130 to allow for future transactions in which mobile wallet 121 uses the underlying account is referred to as “provisioning.” After the account has been provisioned to mobile wallet 121, mobile wallet 121 can perform secure financial transactions, typically using tokenized information, such that the underlying account information is not transferred between transacting parties. For example, mobile wallet 121 can communicate with mobile wallet provider 130 to obtain one or more to tokens, which can be obtained by mobile wallet provider 130 from token service provider 150. The provisioning of the underlying account allows token service provider 150 to provide tokens that are linked to that underlying account.

In many embodiments, mobile wallet provider 130 can be a server or other computing system that communicates with mobile wallet 121 on mobile device 120 to manage services on mobile wallet 120. For example, mobile wallet providers (e.g., 130) have been created by financial institutions (e.g., Chase Pay, Wells Fargo Wallet), merchant associations (e.g., Merchant Customer Exchange (MCX) CurrentC), and mobile device hardware and/or software manufacturers (e.g., Google Wallet, Android Pay, Apple Pay, Samsung Pay).

In various embodiments, mobile network operator 140 can provide mobile network services (e.g., wireless data communication) for mobile device 120. Mobile network operators (e.g., 140) also are referred to as wireless service providers, wireless carriers, cellular carriers, etc. Examples of mobile network operators (e.g., 140) include Verizon Wireless, AT&T Mobility, T-Mobile, Sprint, etc. Mobile network operators (e.g., 140) can manage mobile network services accounts for mobile devices (e.g., 120), and generally have information about the ownership and/or status of a mobile device (e.g., 120).

In several embodiments, token service provider 150 can provide tokens to token requestors, such as mobile wallet providers (e.g., 130). The token is a unique digital identifier that acts as digital credentials and is linked within token service provider 150 to the underlying account. The token can allow payment transactions to be processed without exposing actual account details of underlying accounts, which can prevent those underlying accounts from being compromised. Once the account is provisioned, tokens provided by token service providers (e.g., 150) are considered secure in payment transactions, as the underlying account information is kept secret within the token service provider and the financial institution (e.g., 160) that maintains the underlying account. Examples of current token service providers (e.g., 150) include card network providers, such as Visa, American Express, MasterCard, and First Data Corporation (i.e., STAR network).

In a number of embodiments, the financial institutions, such as financial institution 160, can be depository financial institutions, such as savings banks, credit unions, savings and loan associations, card issuing financial institutions, or other forms of financial institutions. In many embodiments, financial institution 160 can be the card issuer for the underlying account. The underlying account can be a deposit account, such as a checking account or savings account, or a lending account, such as a charge account or credit account. Financial institution 160 can have information about the ownership of the underlying account. In some embodiments, financial institution 160 can be replaced by or supplemented by a card processor, which can have access to information about the underlying account.

In several embodiments, risk determination system 170 can be in communication with one or more other systems, such as mobile wallet provider 130, mobile network operator 140, token service provider 150, and/or financial institution 160, and can be queried by one or more of those systems to generate and provide a fraud risk level for a provisioning transaction. In a number of embodiments, risk determination system 170 can communicate, such as through call-outs, with one or more other systems, such as mobile wallet provider 130, mobile network operator 140, token service provider 150, and/or financial institution 160, to determine additional information to be used as part of risk determination system 170 determining the fraud risk level. In various embodiments, risk determination system 170 can include a number of systems, as shown in FIG. 4 and described below. The systems in risk determination system 170 can be implemented in software, hardware, or a combination thereof.

Provisioning an underlying account to the mobile wallet can raise several possibilities of fraud. For example, user 110 can misrepresent the true and correct identity of the user of mobile device 120 and mobile wallet 121. In some cases, the account information can be stolen or otherwise used by user 110 when user 110 does not have legitimate access to the account. In the same or other cases, mobile device 120 can be a stolen device, a device bought on the black market, or a device used by someone without authorization. Fraud occurs in over five percent of all account provisioning activities, which is extremely high. In many embodiments, risk determination system 170 can beneficially determine a risk of fraud using a combination of data sources to ensure that user 110 that is performing the provisioning of the account is authorized to access the account and has legitimate access to mobile device 120. In many cases, risk determination system 170 can ensure that the provisioning of the account is done by someone who is both the account holder and the owner of mobile device 120.

In some cases, the person or entity that owns mobile device 120 or is the account holder can be different from authorized users of mobile device 120 or the account. For example, corporate plans or family plans for mobile devices (e.g., 120) often involve owners who are different from those you are authorized to use the mobile devices (e.g., 120). In such cases, risk determination system 170 can ensure that the provisioning of the account is done by someone who is authorized on the account and mobile device 120.

Conventional methods of provisioning a mobile wallet can present difficulties in authentication and fraud prevention. These problems specifically arise in the context of computer networks, as provisioning a mobile wallet necessarily involves a mobile wallet resident on a mobile devices that communicates through one or more computer networks to other systems, such as one or more of a mobile wallet provider (e.g., 130) and/or a financial institution (e.g., 160) to provision the mobile wallet. These communications over one or more computer networks allow the user (e.g., 110) of the mobile device (e.g., 120) to misrepresent various pieces of information in the provisioning process. In conventional methods of provisioning a mobile wallet, the mobile wallet provider (e.g., 130) will generally determine if the account is already verified with another service provided by the mobile wallet provider (e.g., 130) and if the mobile device (e.g., 120) has been rooted or jailbroken. For example, if the mobile wallet provider (e.g., 130) is Apple Pay, and the user (e.g., 110) has already registered the account (e.g., a credit card) in Apple iTunes, then Apple will determine that the provisioning of the account in Apple Pay is low risk if the mobile device (e.g., 120) is not jailbroken. If the mobile device (e.g., 120) is jailbroken, Apple will determine that the provisioning of the account in Apple Pay is high risk and block the provisioning. If the account is new to Apple and has not been used previously, such as in iTunes, Apple will determine that there is medium risk and use a call center to call and authenticate the user (e.g., 110) in order to verify that the user (e.g., 110) is authorized to provision the account on the mobile device (e.g., 120). In some cases, Apple sends the provisioning request to a token service provider (e.g., 150) associated with the card (e.g., the Visa network for a Visa card) and/or a financial institution (e.g., 160) maintaining the account, which will often use a call center to call and authenticate the user (e.g., 110), unless the account has been closed or blocked from future transactions, in which case the provisioning request is blocked. In the case of medium risk, call centers are typically used to attempt to authenticate the user (e.g., 110) and prevent fraud. However, call centers are expensive and are subject to fraud by adept fraudsters. Further, users (e.g., 110) often do not want to use call centers to authenticate when attempting to provision an account.

In many embodiments, risk determination system 170 can advantageously help address the cases that are conventionally considered medium risk and sent to call centers for further authentication. In several of these “medium risk” cases, risk determination system 170 can determine that the risk of fraud is low so that the provisioning request does not warrant further authentication. In other of these “medium risk” cases, risk determination system 170 can determine that the risk of fraud is high so that the provisioning request should likely be blocked. In other cases, risk determination system 170 can determine that the risk of fraud is still medium and should involve further authentication, but the number of such cases can be less than when using conventional methods. In many embodiments, the implementation of solutions involving risk determination system 170 can be necessarily rooted in computer technology. For example, the aggregation of the data, particularly on the scale of hundreds of thousands, millions, tens of millions, or hundreds of millions of accounts and/or mobile device can be infeasible without computer technology. Further, the response time, such as real-time responses and/or real-time call-outs can be infeasible without computer technology.

Turning ahead in the drawings, FIG. 2 illustrates a flow chart for a method 200. In some embodiments, method 200 can be a method of determining a risk level in provisioning an account to a mobile wallet. Method 200 is merely exemplary and is not limited to the embodiments presented herein. Method 200 can be employed in many different embodiments or examples not specifically depicted or described herein. In some embodiments, the procedures, the processes, and/or the activities of method 200 can be performed in the order presented. In other embodiments, the procedures, the processes, and/or the activities of method 200 can be performed in any suitable order. In still other embodiments, one or more of the procedures, the processes, and/or the activities of method 200 can be combined or skipped. In some embodiments, method 200 can be performed by risk determination system 170 (FIG. 1).

Referring to FIG. 2, method 200 can include a block 201 of receiving an inquiry from a provider to authenticate the provisioning of an account to a mobile wallet. The mobile wallet can be similar or identical to mobile wallet 121 (FIG. 1). In various embodiments, the account can be at least one of a demand deposit account, a debit card account, or a credit card account. In many embodiments, the provider can be at least one of a mobile wallet provider for the mobile wallet, a financial institution that maintains the account, a token service provider that provides tokenization services for the mobile wallet provider, or a mobile network operator that provides mobile network services for the mobile device. The mobile wallet provider can be similar or identical to mobile wallet provider 130 (FIG. 1). The financial institution can be similar or identical to financial institution 160 (FIG. 1). The token service provider can be similar or identical to token service provider 150 (FIG. 1). The mobile network operator can be similar or identical to mobile network operator 140 (FIG. 1).

As an example, a user (e.g., user 110 (FIG. 1)) can attempt to provision an account (e.g., a credit card) to a mobile wallet (e.g., in a mobile device (e.g., mobile device 120 (FIG. 1)) of the user, such as by using user interface display 500, as shown in FIG. 5 and described below. The provisioning request can be sent by the mobile wallet (e.g., 121 (FIG. 1)) from the mobile device (e.g., 120 (FIG. 1) to the mobile wallet provider (e.g., 130 (FIG. 1)). In some embodiments, mobile wallet provider 130 (FIG. 1) can be separate from the mobile network operator 140 (FIG. 1), token service provider 150 (FIG. 1), and financial institution 160 (FIG. 1). In other embodiments, mobile wallet provider 130 (FIG. 1) can be part of, or managed by, one of the other entities. For example, if mobile wallet provider 130 (FIG. 1) is Chase Pay, then financial institution 160 (FIG. 1) can be Chase Bank, and mobile wallet provider 130 (FIG. 1) can be part of financial institution 160 (FIG. 1). In other examples, mobile wallet provider 130 can be part of or controlled by mobile network operator 140 (FIG. 1), or token service provider 150 (FIG. 1).

In many embodiments, mobile wallet provider 130 (FIG. 1) can be the provider sending the inquiry that is received by risk determination system 170 (FIG. 1) in block 201. In other embodiments, after mobile wallet provider 130 (FIG. 1) receives the provisioning request, it can send one or more requests for information, provisioning, or authentication to other entities, such as mobile network operator 140 (FIG. 1), token service provider 150 (FIG. 1), and/or financial institution 160 (FIG. 1), after which the one or more entities that received the one or more requests can send the inquiry that is received by risk determination system 170 (FIG. 1) in block 201. As an example, mobile wallet provider 130 (FIG. 1) can receive the provisioning request and can send the provisioning request to token service provider 150 (FIG. 1), after which token service provider 150 (FIG. 1) can send the inquiry to risk determination system 170 (FIG. 1) that is received in block 201. As another example, mobile wallet provider 130 (FIG. 1) can receive the provisioning request and can send the provisioning request to token service provider 150 (FIG. 1), after which token service provider 150 (FIG. 1) can send to financial institution 160 (FIG. 1) a request for information in order to authenticate the account, after which financial institution 160 (FIG. 1) can then send the inquiry that is received in block 201 to risk determination system 170 (FIG. 1). In yet another example, mobile wallet provider 130 (FIG. 1) can send a request to financial institution 160 (FIG. 1), which can then send the inquiry that is received in block 201 to risk determination system 170 (FIG. 1). In still other examples, the inquiry received in block 201 can be received based on other processing flows of the provisioning transaction.

In some embodiments, the inquiry can include multiple inquiries from one or more systems, such as mobile wallet provider 130 (FIG. 1), mobile network operator 140 (FIG. 1), token service provider 150 (FIG. 1), and/or financial institution 160 (FIG. 1). For example, in some embodiments, after mobile wallet provider 130 (FIG. 1) receives a provisioning request, mobile wallet provider 130 (FIG. 1) can send sent a request to mobile network operator 140 (FIG. 1) to authenticate that user 110 (FIG. 1) is the owner of mobile device 120 (FIG. 1), and mobile network operator 140 (FIG. 1) can send part of the inquiry to risk determination system 170 (FIG. 1) that is received in block 201. Further, mobile wallet provider 130 (FIG. 1) can send a request to token service provider 150 (FIG. 1). In many embodiments, token service provider 150 (FIG. 1) can send part of the inquiry to risk determination system 170 (FIG. 1) that is received in block 201. In many embodiments, risk determination system 170 (FIG. 1) can be separate from mobile wallet provider 130 (FIG. 1), mobile network operator 140 (FIG. 1), token service provider 150 (FIG. 1), and financial institution 160 (FIG. 1). In other embodiments, risk determination system 170 (FIG. 1) can be part of, or managed by an entity that manages one of, mobile wallet provider 130 (FIG. 1), mobile network operator 140 (FIG. 1), token service provider 150 (FIG. 1), and/or financial institution 160 (FIG. 1).

In some embodiments, the inquiry received in block 201 can include account information about the account and/or device information about a mobile device that operates that mobile wallet. In many embodiments, the mobile device can be similar or identical to mobile device 120 (FIG. 1)). In many embodiments, the account information can include information about the account that the user (e.g., 110 (FIG. 1)) is attempting to provision. For example, when the user (e.g., 110 (FIG. 1)) attempts to add an account, such as a credit card to a mobile wallet (e.g., 120 (FIG. 1)), the user (e.g., 110 (FIG. 1)) can be asked to input account information, and this account information can be sent to risk determination system 170 (FIG. 1) in the inquiry received in block 201. For example, the account information can include the primary account number (PAN); the first, middle and last name of the account owner; the street address, city, state, and ZIP code of the residence of the account owner; and/or other information of the account owner, such as email address, phone number, or other personally identifiable information (PII), such as driver's license number, birth date, birthplace, social security number, etc.

In several embodiments, the device information can include information about the mobile device (e.g., 120 (FIG. 1)) of the user (e.g., 110 (FIG. 1)), information about the mobile wallet (e.g., 121 (FIG. 1)) on the mobile device (e.g., 120 (FIG. 1)), and/or information about the provisioning request on the mobile wallet (e.g., 121 (FIG. 1)). For example, the device information can include the information about the identity of the mobile wallet provider (e.g., 130 (FIG. 1)); a wallet provider identifier (ID), which can be hashed in many embodiments; a secure element ID, if the mobile device (e.g., 120 (FIG. 1)) includes a secure element (e.g., a tamper-resistant security/cryptographic chip/processing element); a device ID; a SIM (subscriber identity mobile) ID; the full phone number of the mobile device (e.g., 120 (FIG. 1)); device fingerprint (e.g., information about the operating system and software running on the mobile device (e.g., 120 (FIG. 1)), and/or unique identifiers on the mobile device (e.g., 120 (FIG. 1)), such as the MAC (media access control) address or other unique serial numbers assigned to the mobile device); the date and time (e.g., timestamp) of the provisioning request; information about the type of provisioning record/request (e.g., adding an account, changing an account, deleting an account, etc.); and/or other suitable information.

In a number of embodiments, method 200 also can include a block 202 of determining device ownership information for the mobile device that operates the mobile wallet, account ownership information for the account, device risk information associated with the mobile device, and account risk information associated with the account. In various embodiments, device ownership information can include information about the actual owner of the mobile device (e.g., 120 (FIG. 1). In several embodiments, account ownership information can include information about the actual owner of the account. In many embodiments, device risk information can include information about known risks or historical negative events that involved mobile device 120 (FIG. 1). In several embodiments, account risk information can include information about known risks or historical negative events that involved the account and/or the account owner. In some embodiments, block 202 can be implemented as shown in FIG. 3 and described below.

In several embodiments, method 200 additionally can include a block 203 of determining an ownership correlation between the device ownership information and the account ownership information. The ownership correlation can be based on a determination of whether the actual owner of the mobile device (e.g., 120 (FIG. 1)) is the same as the actual owner of the account. For example, if the actual owner of the mobile device (e.g., 120 (FIG. 1)) is the same as the actual owner of the account, there can be an ownership correlation, but if the actual owner of the mobile device (e.g., 120 (FIG. 1)) is not the same as the actual owner of the account, then there can be a lack of ownership correlation. Sometimes, the account ownership information and/or the device ownership information can involve a family plan or corporate plan for a mobile device (e.g., 120 (FIG. 1)), or authorized users for an account (e.g., a business account with authorized users), and the ownership correlation can determine whether there is a correlation between authorized individuals for the account and the mobile device (e.g., 120 (FIG. 1)). In such cases, even though the actual owner of the mobile device (e.g., 120 (FIG. 1)) is not the same as the actual owner of the account, then there can be a lack of ownership correlation, there can be an ownership correlation, based on the family plan or corporate plan for the mobile device (e.g., 120 (FIG. 1)), and/or based on the authorized users for an account (e.g., a business account with authorized users).

In a number of embodiments, method 200 further can include a block 204 of generating a fraud risk level by applying business rules and one or more statistical modeling techniques to at least a portion of the ownership correlation, the device risk information, and the account risk information. In many embodiments, risk determination system can perform business rules to help determine a risk of fraud. For example, a business rule can be that the owner (or authorized user) of the mobile device (e.g., 120 (FIG. 1)) must be the same as the owner (or authorized user) of the account. The ownership correlation can be used to determine whether this business rule is satisfied. In some embodiments, other or additional business rules can be used. The business rules can define one or more fraud risks based on at least a portion of the ownership correlation, the device risk information, and the account risk information. For example, in many embodiments, the business rules can be rules provided and/or imposed by one or more of the businesses involved with the provisioning, such as mobile wallet provider 130 (FIG. 1), mobile network operator 140 (FIG. 1), token service provider 150 (FIG. 1), and/or financial institution 160 (FIG. 1). In other embodiments, the business rules can be developed internally for risk determination system 170 (FIG. 1), and can be based on the knowledge and experience of the owners and/or operators of risk determination system 170 (FIG. 1). A further example of a business rule can be, “if the ownership of the mobile device has changed in the last 3 months, then flag the provisioning request for further investigation.” Yet another example of a business rule can “if the account ownership is less than 3 months old, then return all the negative information related to the account owner in the response.”

In many embodiments, risk determination system 170 can perform statistical modeling techniques, such as machine algorithms, to determine the fraud risk level. The machine algorithms can identify patterns that indicate likely fraud, and use those patterns to detect when a provisioning request likely is fraudulent. For example, the machine algorithms can “learn” that, when the user (e.g., 110 (FIG. 1)) changes the home address on the account, but the home address information known to the mobile network operator (e.g., 140 (FIG. 1)) does not change, then there is an 85% chance of fraud. Accordingly, the machine algorithm can flag the provisioning request if those parameters are met. The machine algorithms can change over time as the machine “learns” more and more. In some embodiments, the machine algorithms can include statistical modeling techniques, such as logistic regression. In the same or other embodiments, the machine algorithms can include machine learning algorithms, such as clustering, neural networks, or other suitable machine learning algorithms.

In many embodiments, the business rules and/or one or more statistical modeling techniques can use various pieces of information as inputs, such as the ownership correlation, the device risk information, the account risk information, and/or other information obtained by or determined by risk determination system 170 (FIG. 1). Examples of additional information that can be used by risk determination system 170 (FIG. 1) can include information about mobile device 120 (FIG. 1), such as account status (active, shut-down, canceled, etc.); if mobile device 120 (FIG. 1) is rooted or jailbroken; changes to mobile device 120 (FIG. 1), such as a change of the mobile network operator (e.g., 140 (FIG. 1)) that is associated with mobile device 120 (FIG. 1), a change of ownership, a change of SIM cards, etc.; data from mobile device 120 (FIG. 1), such as device information (e.g., applications on the device, data used, device fingerprint, etc.) collected by collector software in mobile wallet 121 (FIG. 1); data from mobile network operator 140 (FIG. 1) about user 110 (FIG. 1), such as CRM (customer relationship management data), including name, address, status of the device, if the device has been ported (i.e., the same phone number moved to a new mobile device (e.g., 120 (FIG. 1)), etc.; the device information and account information included in the inquiry; information obtained from mobile wallet provider 130 (FIG. 1), mobile network operator 140 (FIG. 1), token service provider 150 (FIG. 1), and/or financial institution 160 (FIG. 1); information available in databases within risk determination system 170 (FIG. 1), as shown in FIG. 4 and described below; and/or other suitable information.

In a number of embodiments, the business rules and/or one or more statistical modeling techniques can be applied to some, but not all of the information listed above. In other embodiments, all of the information listed above can be used as inputs to the business rules and/or one or more statistical modeling techniques. In some embodiments, the business rules and/or one or more statistical modeling techniques can be performed in a step-wise fashion on various different inputs. In one example, the business rules can be used on certain types of information and the statistical modeling techniques can be used on different types of information. In many embodiments, the inputs can be weighted in the machine algorithms, such that certain pieces of information have a greater effect on the output than other pieces of information. In some embodiments, the risk determination performed by risk determination system 170 (FIG. 1) can depend on who the provider is and at what point of the provisioning process the provider sends the inquiry to risk determination system 170 (FIG. 1).

In several embodiments, the business rules and/or one or more statistical modeling techniques can generate as output one or more pieces of information, which can, in some embodiments, include a fraud risk level. In many embodiments, the fraud risk level can be represented by a risk score, such as numeric score, an alphabetical score, a color score (e.g., green for low risk, yellow for medium risk, or red for high risk), or another suitable type of score. In some embodiments, a low fraud risk level can indicate that no negative or suspicious events were associated with the account, the mobile device (e.g., 120 (FIG. 1)), and/or the provisioning request. In several embodiments, a medium fraud risk level can indicate that there are some negative or suspicious events that were associated with the account, the mobile device (e.g., 120 (FIG. 1)), and/or the provisioning request. In many embodiments, a high risk level can indicate that there are major risks associated with the account, the mobile device (e.g., 120 (FIG. 1)), and/or the provisioning request, such as a credit card being compromised, an account having negative history, or a phone number of the mobile device (e.g., 120 (FIG. 1)) that does not match the phone number associated with the account.

In some embodiments, the outputs of the business rules and/or one or more statistical modeling techniques can include additional information to explain the reason for the risk score, such as factors that were relevant to generating the risk score, raw data that was relevant in generating the risk score, the results of execution of one or more business rules that resulted in the risk score, the results of the machine algorithm that resulted in the risk score, or other information that resulted in the risk score, such as an identification of the portions of the device ownership information that were relevant to determining the risk score, the account ownership information, the device risk information, the account risk information, and/or the ownership correlation.

In several embodiments, method 200 optionally can include a block 205 of performing an out-of-band verification based on the fraud risk level. In some embodiments, block 205 is performed only if the fraud risk level is medium risk. In other embodiments, block 205 can be performed if the fraud risk level is medium or high risk. In many embodiments, the out-of-band verification can involve contacting the user (e.g., 110) through a different channel of communication than the channel through which the provisioning request was initiated. For example, the user (e.g., 110) can be contacted by phone, email, text message, or another suitable method using contact information previously stored for the user at one or more of mobile wallet provider 130 (FIG. 1), mobile network operator 140 (FIG. 1), token service provider 150 (FIG. 1), financial institution 160 (FIG. 1), and/or risk determination system 170 (FIG. 1) to determine that the user (e.g., 110) that initiated the provisioning request is the same person as the user is purported to be in the provisioning request.

In a number of embodiments, method 200 can include, after block 205, a block 206 of updating the fraud risk level based on the out-of-band verification. For example, if the out-of-band verification determines that the user is legitimate (e.g., not likely a fraudster), the fraud risk level can be updated to be lowered to low risk. If the out-of-band verification determines that the user is not legitimate, the fraud risk level can be updated to be raised to high risk.

In several embodiments, method 200 additionally can include a block 207 of providing a response to the provider based on the fraud risk level, such that the provider sends to the mobile device information about the provisioning of the account to the mobile wallet, and such that the mobile wallet updates a user interface display on the mobile device based on the information about the provisioning of the account to the mobile wallet. In many embodiments, the response can include the fraud risk level and other outputs of the business rules and/or one or more statistical modeling techniques. In some embodiments, the response can include a risk score, as explained above, and in many embodiments can include one or more factors that indicate reasons for the risk score. In many embodiments, after the provider receives the response, the provider can determine how to handle the provisioning request. For example, the provider can successfully complete the provisioning request if the fraud risk level is low; can perform additional authentication if the fraud risk level is medium; and can block the provisioning request if the fraud risk level is high. In many embodiments, the response to the provider of a medium fraud risk level can be eliminated by risk determination system 170 performing the out-of-band verification in block 205 and updating the fraud risk level in block 206. In other embodiments, blocks 205 and 206 are not performed by risk determination system 170 (FIG. 1), and additional verification is performed by the provider after receiving a certain type of response, such as a medium fraud risk level response. In a number of embodiments, the information sent from the provider to the mobile device can include the outcome of the provisioning request. In several embodiments, the user interface display on the mobile device can be similar or identical to user interface display 600, as shown in FIG. 6 and described below.

Turning ahead in the drawings, FIG. 3 illustrates a flow chart of a block 202 of determining device ownership information for a mobile device that operates the mobile wallet, account ownership information for the account, device risk information associated with the mobile device, and account risk information associated with the account, according to an embodiment. Block 202 is merely exemplary and is not limited to the embodiments presented herein. Block 202 can be employed in many different embodiments or examples not specifically depicted or described herein. In some embodiments, the procedures, the processes, and/or the activities of block 202 can be performed in the order presented. In other embodiments, the procedures, the processes, and/or the activities of block 202 can be performed in any suitable order. In still other embodiments, one or more of the procedures, the processes, and/or the activities of block 202 can be combined or skipped.

Referring to FIG. 3, in some embodiments, block 202 optionally can include a block 301 of determining the device ownership information using at least a portion of the device information. The device information can be received in the inquiry, as described above.

In a number of embodiments, block 202 also optionally can include a block 302 of querying at least one of a mobile device identifier database or a mobile network operator that provides mobile network services for the mobile device to determine the device ownership information. The mobile device identifier database can be similar or identical to mobile device identifier database 406, as shown in FIG. 4 and described below. The mobile network operator can be similar or identical to mobile network operator 140 (FIG. 1). For example, risk determination system 170 (FIG. 1) can determine the device ownership information by querying information in the mobile device identifier database and/or making a call out, such as in real-time, to mobile network operator 140 (FIG. 1) to receive current device ownership information from mobile network operator 140 (FIG. 1).

In many embodiments, determining the device ownership information in block 202 (FIG. 2) can include only one of block 301 of determining the device ownership information using at least a portion of the device information or block 302 of querying at least one of a mobile device identifier database or a mobile network operator that provides mobile network services for the mobile device to determine the device ownership information. In other embodiments, determining the device ownership information in block 202 (FIG. 2) can include both of block 301 of determining the device ownership information using at least a portion of the device information and block 302 of querying at least one of a mobile device identifier database or a mobile network operator that provides mobile network services for the mobile device to determine the device ownership information. For example, the device ownership information received from the mobile device identifier database and/or the mobile network operator can supplement and/or correct the device ownership information determined using at least a portion of the device information.

In several embodiments, block 202 additionally optionally can include a block 303 of determining the account ownership information using at least a portion of the account information. The account information can be received in the inquiry, as described above.

In a number of embodiments, block 202 further optionally can include a block 304 of querying at least one of an account owner elements database or a financial institution that maintains the account to determine the account ownership information. The account owner elements database can be similar or identical to account owner elements database 407, as shown in FIG. 4 and described below. The financial institution can be similar or identical to financial institution 160 (FIG. 1). For example, risk determination system 170 (FIG. 1) can determine the account ownership information by querying information in the account owner elements database and/or making a call out, such as in real-time to financial institution 160 (FIG. 1) to receive current account ownership information from financial institution 160 (FIG. 1).

In many embodiments, determining the account ownership information in block 202 (FIG. 2) can include only one of a block 303 of determining the account ownership information using at least a portion of the account information or block 304 of querying at least one of an account owner elements database or a financial institution that maintains the account to determine the account ownership information. In other embodiments, determining the account ownership information in a block 303 of determining the account ownership information using at least a portion of the account information and block 304 of querying at least one of an account owner elements database or a financial institution that maintains the account to determine the account ownership information. For example, the account ownership information received from the account owner elements database and/or the financial institution can supplement and/or correct the account ownership information determined using at least a portion of the account information.

In several embodiments, block 202 additionally optionally can include a block 305 of querying one or more databases that aggregate negative mobile device events. The one or more databases that aggregate negative mobile device events can be similar or identical to negative mobile device events database 408, as shown in FIG. 4 and described below. In many embodiments, the information obtained from the one or more databases that aggregate negative mobile device events can be used at least in part to determine the device risk information. For example, risk determination system 170 (FIG. 1) can determine the device risk information by querying information in negative mobile device events database 408 (FIG. 4).

In a number of embodiments, block 202 further optionally can include a block 306 of querying one or more databases that aggregate negative account events from multiple financial institutions. The one or more databases that aggregate negative account events from multiple financial institutions can be similar or identical to negative account events database 409, as shown in FIG. 4 and described below. In many embodiments, the information obtained from the one or more databases that aggregate negative account events can be used at least in part to determine the account risk information. For example, risk determination system 170 (FIG. 1) can determine the account risk information by querying information in negative account events database 409 (FIG. 4).

Turning ahead in the drawings, FIG. 4 illustrates a block diagram of risk determination system 170 that can be employed for facilitating a risk determination as part of provisioning an account to a mobile wallet (e.g., 121 (FIG. 1)), according to an embodiment. Risk determination system 170 is merely exemplary, and embodiments of the risk determination system are not limited to the embodiments presented herein. The risk determination system can be employed in many different embodiments or examples not specifically depicted or described herein. In some embodiments, certain elements or modules of risk determination system 170, as shown in FIG. 4, can perform various procedures, processes, and/or activities. In other embodiments, the procedures, processes, and/or activities can be performed by other suitable elements or modules of risk determination system 170.

In several embodiments, risk determination system 170 can include a communication system 401, a querying system 402, an ownership system 403, a risk generation system 404, a verification system 405, a mobile device identifier database 406, an account owner elements database 407, a negative mobile device events database 408, and/or a negative account events database 409.

In many embodiments, communication system 401 can at least partially perform block 201 (FIG. 2) of receiving an inquiry from a provider to authenticate the provisioning of an account to a mobile wallet, and/or block 207 (FIG. 2) of providing a response to the provider based on the fraud risk level.

In a number of embodiments, querying system 402 can at least partially perform block 202 (FIG. 2) of determining device ownership information for a mobile device that operates the mobile wallet, account ownership information for the account, device risk information associated with the mobile device, and account risk information associated with the account; block 301 (FIG. 3) of determining the device ownership information using at least a portion of the device information; block 302 (FIG. 3) of querying at least one of a mobile device identifier database or a mobile network operator that provides mobile network services for the mobile device; block 303 (FIG. 3) of determining the account ownership information using at least a portion of the account information; block 304 (FIG. 3) of querying at least one of an account owner elements database or a financial institution that maintains the account; block 305 (FIG. 3) of querying one or more databases that aggregate negative mobile device events; and/or block 306 (FIG. 3) of querying one or more databases that aggregate negative account events from multiple financial institutions.

In several embodiments, ownership system 403 can at least partially perform block 203 (FIG. 2) of determining an ownership correlation between the device ownership information and the account ownership information.

In a number of embodiments, risk generation system 404 can at least partially perform block 204 (FIG. 2) of generating a fraud risk level by applying business rules and one or more statistical modeling techniques to at least a portion of the ownership correlation, the device risk information, and the account risk information.

In several embodiments, verification system 405 can at least partially perform block 205 (FIG. 2) of performing an out-of-band verification based on the fraud risk level, and/or block 206 (FIG. 2) of updating the fraud risk level based on the out-of-band verification.

In a number of embodiments, mobile device identifier database 406 can include information about mobile devices (e.g., mobile device 120 (FIG. 1)), such as mobile network service provider account data and mobile device data. The mobile network service provider account data can include information such as mobile device account numbers, PII for mobile device account holders, current mobile device account status (e.g., good standing, closed, reported stolen, etc.), phone number changes, service provider changes, and/or other suitable information The mobile device data can include SIM card status, changes in location (e.g., roaming, home, international), device ID, device status, biometrics, previous verification information for the mobile device (e.g., 120 (FIG. 1)), phone number, and/or other suitable information. In some embodiments, the information in mobile device identifier database 406 can be updated periodically from data received from mobile network operators (e.g., mobile network operator 140 (FIG. 1)), and/or can be obtained through real-time call-outs to one or more mobile network operators (e.g., mobile network operator 140 (FIG. 1).

In several embodiments, account owner elements database 407 can include account information, such as PII and account attributes, which can be aggregated from one or more financial institutions (e.g., 160 (FIG. 1). In many embodiments, the account information can be aggregated from multiple financial institutions. The PII can include the first, middle and last name of account holders; the street address, city, state, and ZIP code of the residence of the account holders; and/or other information of the account holders, such as email address, phone number, driver's license number, birth date, birthplace, social security number, etc. The account attributes can include information about each of the accounts, such as the type of account (e.g., credit card account), the account ID, the date on which the account was opened, previous changes to the account, the name of the financial institution (e.g., 160 (FIG. 1)) that maintains the account, the balance in the account, information about declined or approved account applications, information about previous authentication of the account owner, previous changes to credit limits, additional account holders on the account, previous address changes on the account, reported income, Metro 2 files (i.e., information sent from financial institutions to credit bureaus about credit card accounts), cross-reference information linking card account numbers (e.g., debit card numbers) to underlying account numbers (e.g., checking account numbers), and/or other suitable information. In some embodiments, the information in account owner elements database 407 can be updated periodically from data received from financial institutions (e.g., financial institution 160 (FIG. 1)), and/or can be obtained through real-time call-outs to one or more financial institution (e.g., financial institution 160 (FIG. 1)).

In a number of embodiments, negative mobile device events database 408 can include information about mobile devices (e.g., 120 (FIG. 1)) that have been reported stolen, information about stolen SIM cards, information about fraudulent use by mobile devices (e.g., 120 (FIG. 1)) for payments, account applications, or other transactions, information about negative account activity, previous provisioning activity on the mobile device (e.g., 120 (FIG. 1)) that resulted in fraud, and/or information about other negative events associated with a mobile device (e.g., 120 (FIG. 1)).

In several embodiments, negative account events database 409 can include negative events recorded, common points of purchase data, credit card abuse data, third-party fraud contribution data, and/or other suitable information about negative account activity. The negative events recorded can include returned checks, not sufficient funds, previous fraudulent activity, etc. The common points of purchase data can include accounts that have possibly been compromised, as determined based on whether the account was present at a time and location (e.g., a merchant) in which other accounts (including accounts maintained by other financial institutions) have been compromised (e.g., Target data breach, Internal Revenue Service (IRS) data breaches, or other fraudulent activity). The credit card abuse data can include PII of credit card holders and information about charge-offs, credit being revoked, principal balance utilization abuse, customer disputes, loss fees and interest, and/or other suitable information. The third party fraud contribution data can include PII of the card holders and information about lost cards, stolen cards, fraudulent credit card applications, account takeovers, counterfeit cards, and/or other suitable information.

In many embodiments, the systems and method of authentication and fraud prevention in provisioning a mobile wallet can beneficially provide a significant reduction in the level of third-party fraud originating from mobile wallets (e.g., 120 (FIG. 1)). In several embodiments, the systems and method of authentication and fraud prevention in provisioning mobile wallet can advantageously use data collected from many different entities, such as through periodic reporting and/or real-time call-outs. In several embodiments, the systems and method of authentication and fraud prevention in provisioning a mobile wallet can beneficially use risk indicators, such as the risk of data compromise under the common points of purchase data and other negative event information contributed from multiple financial institution (e.g., financial institution 160 (FIG. 1)). In many embodiments, the information can be queried from databases (e.g., 406-409 (FIG. 4)) and/or obtained through real-time call-outs, and business rules and/or machine algorithms can be applied to the queries, such as individually or collectively. In several embodiments, the holistic use of data aggregated from several sources, including mobile wallet providers (e.g., 130 (FIG. 1)), mobile network operators (e.g., 140 (FIG. 1)), token service providers (e.g., 150 (FIG. 1)), and/or financial institutions 160 (FIG. 1) can more accurately predict the level of risk, which can significantly decrease the number of out-of-band verifications performed during the provisioning of an account to a mobile wallet.

Turning ahead in the drawings, FIG. 5 illustrates an exemplary user interface display 500 to allow a user (e.g., 110 (FIG. 1)) to request associating an account with a mobile wallet (e.g., 121 (FIG. 1)) on a mobile device (e.g., 120 (FIG. 1)). User interface display 500 is merely exemplary, and embodiments of the user interface display are not limited to the embodiments presented herein. The user interface display can be employed in many different embodiments or examples not specifically depicted or described herein, and can include other suitable elements. In many embodiments, mobile wallet 121 (FIG. 1) can provide an interface for display on mobile device 120 (FIG. 1), which can include user interface display 500. In a number of embodiments, the interface can allow user 110 (FIG. 1) to initiate a provisioning request, such as by interfacing with user interface display 500.

In a number of embodiments, user interface display 500 can include a title bar 501, an account type selector 510, an account number field 520, an account owner field 530, and/or a selection button 540. In many embodiments, title bar 501 can indicate include the name of the mobile wallet. In a number of embodiments, user interface display 500 can include various input fields, such as, for example, account type selector 510, account number field 520, and/or account owner field 530, through which user 110 (FIG. 1) can input information about the account to be provisioned to the mobile wallet. For example, account type selector 510 can allow user 110 (FIG. 1) to enter the type of the account, such as “Checking Account” or “Credit Card Account” for the account that user 110 (FIG. 1) would like to be associated with mobile wallet 121 (FIG. 1). As another example, account number field 520 can allow user 110 (FIG. 1) to enter the account number for the account that user 110 (FIG. 1) would like to be associated with mobile wallet 121 (FIG. 1). As yet another example, account owner field 530 can allow user 110 (FIG. 1) to enter the name of the account owner for the account that user 110 (FIG. 1) would like to be associated with mobile wallet 121 (FIG. 1). In other embodiments, the input fields in user interface display 500 can include additional or other suitable input fields. In several embodiments, selection button 540 can include a description of the action that is requested by selecting selection button 540, such as “Associate Account.” In many embodiments, once user 110 (FIG. 1) has entered the requested information in the input fields (e.g., 510, 520, 530), user 110 (FIG. 1) can select selection button 540 to request provisioning of the account that user 110 (FIG. 1) would like to be associated with mobile wallet 121 (FIG. 1), and mobile wallet 121 (FIG. 1) can send the request from mobile device 120 (FIG. 1) to mobile wallet provider 130 (FIG. 1).

Turning ahead in the drawings, FIG. 6 illustrates an exemplary user interface display 600 to display to a user (e.g., 110 (FIG. 1)) the results of the provisioning request initiated using user interface display 500 (FIG. 5). User interface display 600 is merely exemplary, and embodiments of the user interface display are not limited to the embodiments presented herein. The user interface display can be employed in many different embodiments or examples not specifically depicted or described herein, and can include other suitable elements. User interface display 600 can be similar to user interface display 500 (FIG. 5), and various elements of user interface display 600 can be similar or identical to various elements of user interface display 500 (FIG. 5). In many embodiments, the interface provided by mobile wallet 121 (FIG. 1) on mobile device 120 (FIG. 1) can include user interface display 600. In a number of embodiments, the interface can display to user 110 (FIG. 1) the results of the provisioning request, such as through user interface display 600.

In a number of embodiments, user interface display 600 can include a title bar 601, a provisioning outcome field 610, a completion selection button 620, and/or a repeat selection button 630. In many embodiments, title bar 601 can indicate include the name of the mobile wallet. Title bar 601 can be similar or identical to title bar 501 (FIG. 5). In a number of embodiments, provisioning outcome field 610 can display information about the outcome of the provisioning request initiated by user 110 (FIG. 1) through user interface display 500 (FIG. 5). For example, provisioning outcome field 610 can display text indicating that “The Checking Account has been successfully associated with the Mobile Wallet.” Alternatively, if the outcome of the provisioning request was unsuccessful, provisioning outcome field 610 can display text indicating that “The Checking Account was unable to be associated with the Mobile Wallet,” and/or additional information about why the provisioning was unsuccessful and/or how to address the reasons for the unsuccessful provisioning. In many embodiments, once user 110 (FIG. 1) has read the information in provisioning outcome field 610, user 110 (FIG. 1) can select selection button 620 to complete the provisioning process, or can select selection button 630 to return to user display interface 500 (FIG. 5) to attempt to add another account to mobile wallet 121 (FIG. 1) (or to retry adding the same account to mobile wallet 121 (FIG. 1)).

Turning ahead in the drawings, FIG. 7 illustrates a flow chart for a method 700. In some embodiments, method 700 can be a method of determining a risk level in provisioning an account to a mobile wallet. Method 700 is merely exemplary and is not limited to the embodiments presented herein. Method 700 can be employed in many different embodiments or examples not specifically depicted or described herein. In some embodiments, the procedures, the processes, and/or the activities of method 700 can be performed in the order presented. In other embodiments, the procedures, the processes, and/or the activities of method 700 can be performed in any suitable order. In still other embodiments, one or more of the procedures, the processes, and/or the activities of method 700 can be combined or skipped. In some embodiments, method 700 can be performed by mobile wallet provider 130 (FIG. 1).

Referring to FIG. 7, method 700 can include a block 701 of receiving a request from a mobile wallet operating on a mobile device to perform a provisioning of an account to the mobile wallet. The mobile wallet can be similar or identical to mobile wallet 121 (FIG. 1). The mobile device can be similar or identical to mobile device 120 (FIG. 1). In many embodiments, the account can be at least one of a demand deposit account, a debit card account, or a credit card account. As an example, a user (e.g., user 110 (FIG. 1)) can attempt to provision an account (e.g., a credit card) to a mobile wallet (e.g., in a mobile device (e.g., mobile device 120 (FIG. 1)) of the user, such as by using user interface display 500 (FIG. 5). The provisioning request can be sent by the mobile wallet (e.g., 121 (FIG. 1)) from the mobile device (e.g., 120 (FIG. 1)), and received by the mobile wallet provider (e.g., 130 (FIG. 1)).

In a number of embodiments, method 700 also can include a block 702 of generating account information about the account. In many embodiments, the account information can include information about the account that the user (e.g., 110 (FIG. 1)) is attempting to provision. For example, when the user (e.g., 110 (FIG. 1)) attempts to add an account, such as a credit card to the mobile wallet (e.g., 120 (FIG. 1)), the user (e.g., 110 (FIG. 1)) can be asked to input account information, such as in the input fields (e.g., 510, 520, 530) in FIG. 5, and this account information can be sent by the mobile wallet (e.g., 121 (FIG. 1)) from the mobile device (e.g., 120 (FIG. 1)), and received by the mobile wallet provider (e.g., 130 (FIG. 1)) in the request received in block 701. In some embodiments, additional account information can be determined by the mobile wallet provider (e.g., 130 (FIG. 1)) using information already stored in the mobile wallet provider (e.g., 130 (FIG. 1)), based on the account information received in the request received in block 701 For example, the account information can include the primary account number (PAN); the first, middle and last name of the account owner; the street address, city, state, and ZIP code of the residence of the account owner; and/or other information of the account owner, such as email address, phone number, or other personally identifiable information (PII), such as driver's license number, birth date, birthplace, social security number, etc.

In several embodiments, method 700 additionally can include a block 703 of generating device information about the mobile device. In many embodiments, the device information can include information about the mobile device (e.g., 120 (FIG. 1)) of the user (e.g., 110 (FIG. 1)), information about the mobile wallet (e.g., 121 (FIG. 1)) on the mobile device (e.g., 120 (FIG. 1)), and/or information about the provisioning request on the mobile wallet (e.g., 121 (FIG. 1)). In various embodiments, some of this information can be received by the mobile wallet provider (e.g., 130 (FIG. 1)) from the mobile device (e.g., 120 (FIG. 1)) and/or the mobile wallet (e.g., 121 (FIG. 1)). For example, the device information can include the information about the identity of the mobile wallet provider (e.g., 130 (FIG. 1)); a wallet provider identifier (ID), which can be hashed in many embodiments; a secure element ID, if the mobile device (e.g., 120 (FIG. 1)) includes a secure element (e.g., a tamper-resistant security/cryptographic chip/processing element); a device ID; a SIM (subscriber identity mobile) ID; the full phone number of the mobile device (e.g., 120 (FIG. 1)); device fingerprint (e.g., information about the operating system and software running on the mobile device (e.g., 120 (FIG. 1)), and/or unique identifiers on the mobile device (e.g., 120 (FIG. 1)), such as the MAC (media access control) address or other unique serial numbers assigned to the mobile device); the date and time (e.g., timestamp) of the provisioning request; information about the type of provisioning record/request (e.g., adding an account, changing an account, deleting an account, etc.); and/or other suitable information.

In a number of embodiments, method 700 further can include a block 704 of sending an inquiry to a risk determination system to authenticate the provisioning of the account to the mobile wallet. The risk determination system can be similar or identical to risk determination system 170 (FIG. 1). In some embodiments, the inquiry can include the account information and the device information. In many embodiments, the risk determination system can generate a fraud risk level by applying business rules and one or more statistical modeling techniques to at least a portion of: (a) an ownership correlation between device ownership information for the mobile device and account ownership information for the account, (b) device risk information associated with the mobile device, and (c) account risk information associated with the account. In many embodiments, the inquiry can be sent directly to the risk determination system. In other embodiments, the inquiry can be sent to the risk determination system through at least one of a financial institution that maintains the account, a token service provider that provides tokenization services for the account, or a mobile network operator that provides mobile network services for the mobile device. The financial institution can be similar or identical to financial institution 160 (FIG. 1). The token service provider can be similar or identical to token service provider 150 (FIG. 1). The mobile network operator can be similar or identical to mobile network operator 140 (FIG. 1).

In various embodiments, the device ownership information can include information about the actual owner of the mobile device (e.g., 120 (FIG. 1). In many embodiments, the device ownership information can be determined by the risk determination system based on at least one of: (a) at least a portion of the device information, or (b) the risk determination system querying at least one of: (i) a mobile device identifier database in the risk determination system, or (ii) a mobile network operator that provides mobile network services for the mobile device.

In several embodiments, the account ownership information can include information about the actual owner of the account. In some embodiments, the account ownership information can be determined by the risk determination system based on at least one of: (1) at least a portion of the account information, or (b) the risk determination system querying at least one of: (i) an account owner elements database in the risk determination system, or (ii) a financial institution that maintains the account.

In some embodiments, the ownership correlation can be based on a determination of whether the actual owner of the mobile device (e.g., 120 (FIG. 1)) is the same as the actual owner of the account. For example, if the actual owner of the mobile device (e.g., 120 (FIG. 1)) is the same as the actual owner of the account, there can be an ownership correlation, but if the actual owner of the mobile device (e.g., 120 (FIG. 1)) is not the same as the actual owner of the account, then there can be a lack of ownership correlation. Sometimes, the account ownership information and/or the device ownership information can involve a family plan or corporate plan for a mobile device (e.g., 120 (FIG. 1)), or authorized users for an account (e.g., a business account with authorized users), and the ownership correlation can determine whether there is a correlation between authorized individuals for the account and the mobile device (e.g., 120 (FIG. 1)). In such cases, even though the actual owner of the mobile device (e.g., 120 (FIG. 1)) is not the same as the actual owner of the account, then there can be a lack of ownership correlation, there can be an ownership correlation, based on the family plan or corporate plan for the mobile device (e.g., 120 (FIG. 1)), and/or based on the authorized users for an account (e.g., a business account with authorized users).

In many embodiments, the device risk information can include information about known risks or historical negative events that involved the mobile device (e.g., 120 (FIG. 1)). In a number of embodiments, the device risk information can be determined by the risk determination system querying one or more databases in the risk determination system that aggregate negative mobile device events.

In several embodiments, the account risk information can include information about known risks or historical negative events that involved the account and/or the account owner. In some embodiments, the account risk information can be determined by the risk determination system querying one or more databases in the risk determination system that aggregate negative account events from multiple financial institutions.

In various embodiments, the business rules can define one or more fraud risks based on at least a portion of the ownership correlation, the device risk information, and the account risk information. For example, a business rule can be that the owner (or authorized user) of the mobile device (e.g., 120 (FIG. 1)) must be the same as the owner (or authorized user) of the account. The ownership correlation can be used to determine whether this business rule is satisfied. In some embodiments, other or additional business rules can be used. The business rules can define one or more fraud risks based on at least a portion of the ownership correlation, the device risk information, and the account risk information. For example, in many embodiments, the business rules can be rules provided and/or imposed by one or more of the businesses involved with the provisioning, such as mobile wallet provider 130 (FIG. 1), mobile network operator 140 (FIG. 1), token service provider 150 (FIG. 1), and/or financial institution 160 (FIG. 1). In other embodiments, the business rules can be developed for the risk determination system (e.g., 170 (FIG. 1)), and can be based on the knowledge and experience of the owners and/or operators of the risk determination system (e.g., 170 (FIG. 1)). A further example of a business rule can be, “if the ownership of the mobile device has changed in the last 3 months, then flag the provisioning request for further investigation.” Yet another example of a business rule can “if the account ownership is less than 3 months old, then return all the negative information related to the account owner in the response.”

In some embodiments, the one or more one or more statistical modeling techniques can include logistic regression. In many embodiments, machine algorithms can identify patterns that indicate likely fraud, and use those patterns to detect when a provisioning request likely is fraudulent. For example, the machine algorithms can “learn” that, when the user (e.g., 110 (FIG. 1)) changes the home address on the account, but the home address information known to the mobile network operator (e.g., 140 (FIG. 1)) does not change, then there is an 85% chance of fraud. Accordingly, the machine algorithm can flag the provisioning request if those parameters are met. The machine algorithms can change over time as the machine “learns” more and more. In some embodiments, the machine algorithms can include statistical modeling techniques, such as logistic regression. In the same or other embodiments, the machine algorithms can include machine learning algorithms, such as clustering, neural networks, or other suitable machine learning algorithms.

In many embodiments, the business rules and/or the one or more statistical modeling techniques can use various pieces of information as inputs, such as the ownership correlation, the device risk information, the account risk information, and/or other information obtained by or determined by the risk determination system (e.g., 170 (FIG. 1)). Examples of additional information that can be used by the risk determination system (e.g., 170 (FIG. 1)) can include information about the mobile device (e.g., 120 (FIG. 1)), such as account status (active, shut-down, canceled, etc.); if the mobile device (e.g., 120 (FIG. 1)) is rooted or jailbroken; changes to the mobile device (e.g., 120 (FIG. 1)), such as a change of the mobile network operator (e.g., 140 (FIG. 1)) that is associated with the mobile device (e.g., 120 (FIG. 1)), a change of ownership, a change of SIM cards, etc.; data from the mobile device (e.g., 120 (FIG. 1)), such as device information (e.g., applications on the device, data used, device fingerprint, etc.) collected by collector software in the mobile wallet (e.g., 121 (FIG. 1)); data from the mobile network operator (e.g., 140 (FIG. 1)) about the user (e.g., 110 (FIG. 1)), such as CRM (customer relationship management data), including name, address, status of the device, if the device has been ported (i.e., the same phone number moved to a new mobile device (e.g., 120 (FIG. 1)), etc.; the device information and account information included in the inquiry; information obtained from the mobile wallet provider (e.g., 130 (FIG. 1)), the mobile network operator (e.g., 140 (FIG. 1)), the token service provider (e.g., 150 (FIG. 1)), and/or the financial institution (e.g., 160 (FIG. 1)); information available in databases (e.g., 406-409 (FIG. 4)) within the risk determination system (e.g., 170 (FIGS. 1 and 4)); and/or other suitable information.

In a number of embodiments, the business rules and/or one or more statistical modeling techniques can be applied to some, but not all of the information listed above. In other embodiments, all of the information listed above can be used as inputs to the business rules and/or one or more statistical modeling techniques. In some embodiments, the business rules and/or one or more statistical modeling techniques can be performed in a step-wise fashion on various different inputs. In one example, the business rules can be used on certain types of information and the statistical modeling techniques can be used on different types of information. In many embodiments, the inputs can be weighted in the machine algorithms, such that certain pieces of information have a greater effect on the output than other pieces of information. In some embodiments, the risk determination performed by the risk determination system (e.g., 170 (FIG. 1)) can depend on who the provider is and at what point of the provisioning process the provider sends the inquiry to the risk determination system (e.g., 170 (FIG. 1)).

In several embodiments, the business rules and/or one or more statistical modeling techniques can generate as output one or more pieces of information, which can, in some embodiments, include a fraud risk level. In many embodiments, the fraud risk level can be represented by a risk score, such as numeric score, an alphabetical score, a color score (e.g., green for low risk, yellow for medium risk, or red for high risk), or another suitable type of score. In some embodiments, a low fraud risk level can indicate that no negative or suspicious events were associated with the account, the mobile device (e.g., 120 (FIG. 1)), and/or the provisioning request. In several embodiments, a medium fraud risk level can indicate that there are some negative or suspicious events that were associated with the account, the mobile device (e.g., 120 (FIG. 1)), and/or the provisioning request. In many embodiments, a high risk level can indicate that there are major risks associated with the account, the mobile device (e.g., 120 (FIG. 1)), and/or the provisioning request, such as a credit card being compromised, an account having negative history, or a phone number of the mobile device (e.g., 120 (FIG. 1)) that does not match the phone number associated with the account.

In some embodiments, the outputs of the business rules and/or one or more statistical modeling techniques can include additional information to explain the reason for the risk score, such as factors that were relevant to generating the risk score, raw data that was relevant in generating the risk score, the results of execution of one or more business rules that resulted in the risk score, the results of the machine algorithm that resulted in the risk score, or other information that resulted in the risk score, such as an identification of the portions of the device ownership information that were relevant to determining the risk score, the account ownership information, the device risk information, the account risk information, and/or the ownership correlation.

In some embodiments, the risk determination system (e.g., 170 (FIG. 1)), in generating the fraud risk level, can perform an out-of-band verification based on the fraud risk level. In some embodiments, the out-of-band verification can be performed only if the fraud risk level is medium risk. In other embodiments, the out-of-band verification can be performed if the fraud risk level is medium or high risk. In many embodiments, the out-of-band verification can involve contacting the user (e.g., 110) through a different channel of communication than the channel through which the provisioning request was initiated. For example, the user (e.g., 110) can be contacted by phone, email, text message, or another suitable method using contact information previously stored for the user at one or more of the mobile wallet provider (e.g., 130 (FIG. 1)), the mobile network operator (e.g., 140 (FIG. 1)), the token service provider (e.g., 150 (FIG. 1)), the financial institution (e.g., 160 (FIG. 1)), and/or the risk determination system (e.g., 170 (FIG. 1)) to determine that the user (e.g., 110) that initiated the provisioning request is the same person as the user is purported to be in the provisioning request.

In a number of embodiments, the risk determination system (e.g., 170 (FIG. 1)), in generating the fraud risk level, after performing the out-of-band verification, can update the fraud risk level based on the out-of-band verification. For example, if the out-of-band verification determines that the user is legitimate (e.g., not likely a fraudster), the fraud risk level can be updated to be lowered to low risk. If the out-of-band verification determines that the user is not legitimate, the fraud risk level can be updated to be raised to high risk.

In several embodiments, method 700 additionally can include a block 705 of receiving from the risk determination system a first response based on the fraud risk level. In many embodiments, the first response can be received directly from the risk determination system. In other embodiments, the first response can be received from the risk determination system through at least one of the financial institution that maintains the account, the token service provider that provides tokenization services for the account, or the mobile network operator that provides mobile network services for the mobile device. In many embodiments, the response can include a risk score, as explained above, and in some embodiments, can include one or more factors that indicate reasons for the risk score.

In a number of embodiments, method 700 further can include a block 706 of determining whether to proceed with the provisioning of the account to the mobile wallet or to perform an additional verification based at least in part on the first response received from the risk determination system. In many embodiments, if the fraud risk level is low, the determination can be made to proceed with the provisioning of the account to the mobile wallet; if the fraud risk level is medium, the determination can be made to proceed with performing the additional verification; and if the fraud risk level is high, the determination can be made to block the provisioning request. In some embodiments, the determination cab be made to perform the additional verification after receiving a certain type of response, such as a medium fraud risk level response, such as if the out-of-band verification was not performed by the risk determination system (e.g., 170 (FIG. 1)).

In several embodiments, method 700 optionally can include a block 707 of performing the additional verification based at least in part on the response received from the risk determination system. For example, block 707 can be performed when block 706 determines that to perform the additional verification. In some embodiments, block 706 can include block 707. In many embodiments, the additional verification can be similar or identical to the out-of-band verification procedure that can be performed by the risk determination system (e.g., 170 (FIG. 1)). For example, the additional verification can involve contacting the user (e.g., 110) through a different channel of communication than the channel through which the provisioning request was initiated. For example, the user (e.g., 110) can be contacted by phone, email, text message, or another suitable method using contact information previously stored for the user at one or more of mobile wallet provider 130 (FIG. 1), mobile network operator 140 (FIG. 1), token service provider 150 (FIG. 1), financial institution 160 (FIG. 1), and/or risk determination system 170 (FIG. 1) to determine that the user (e.g., 110) that initiated the provisioning request is the same person as the user is purported to be in the provisioning request.

In a number of embodiments, method 700 further optionally can include a block 708 of performing the provisioning of the account to the mobile wallet. In many embodiments, the provisioning of the account to the mobile wallet can be performed when the fraud risk level is determined to be below a predetermined threshold. For example, the provisioning can proceed if the fraud risk level is determined to be low and below the predetermined threshold of medium risk. In other embodiments, other suitable predetermined thresholds can be used. In many embodiments, provisioning the account to the mobile wallet can include authorizing use of the account with the mobile wallet, such as storing information that the account has now been authorized for use in mobile wallet transactions, and can receive token that are linked to the account. In many embodiments, provisioning the account can involve communicating with the token service provider (e.g., 150 (FIG. 1)) and/or receiving one or more tokens that are linked to the account.

In several embodiments, method 700 additionally can include a block 709 of sending a second response to the mobile wallet in response to the request to perform the provisioning of the account to the mobile wallet. In several embodiments, the mobile wallet can update a user interface display on the mobile device based on the second response to display information about the provisioning of the account to the mobile wallet. The user interface display on the mobile device can be similar or identical to user interface display 600 (FIG. 6). In a number of embodiments, the second response can include an indication of whether the provisioning of the account to the mobile wallet was successful. In many embodiments, the second response can include one or more tokens that are linked to the account, which the mobile wallet can use in one or more transactions using the account in the mobile wallet.

Turning ahead in the drawings, FIG. 8 illustrates a block diagram of mobile wallet provider 130 that can be employed for facilitating a risk determination as part of provisioning an account to a mobile wallet (e.g., 121 (FIG. 1)), according to an embodiment. Mobile wallet provider 130 is merely exemplary, and embodiments of the mobile wallet provider are not limited to the embodiments presented herein. The mobile wallet provider can be employed in many different embodiments or examples not specifically depicted or described herein. In some embodiments, certain elements or modules of mobile wallet provider 130, as shown in FIG. 8, can perform various procedures, processes, and/or activities. In other embodiments, the procedures, processes, and/or activities can be performed by other suitable elements or modules of mobile wallet provider 130.

In several embodiments, mobile wallet provider 130 can include a communication system 801, an account information system 802, a device information system 803, a risk assessment system 804, a verification system 805, a provisioning system 806, a mobile device database 807, and/or an account database 808.

In many embodiments, communication system 801 can at least partially perform block 701 (FIG. 7) of receiving a request from a mobile wallet operating on a mobile device to perform a provisioning of an account to the mobile wallet, block 704 (FIG. 7) of sending an inquiry to a risk determination system to authenticate the provisioning of the account to the mobile wallet, block 705 (FIG. 7) of receiving from the risk determination system a first response based on the fraud risk level, and/or block 709 (FIG. 7) of sending a second response to the mobile wallet in response to the request to perform the provisioning of the account to the mobile wallet.

In a number of embodiments, account information system 802 can at least partially perform block 702 (FIG. 7) of generating account information about the account.

In several embodiments, device information system 803 can at least partially perform block 703 (FIG. 7) of generating device information about the mobile device.

In a number of embodiments, risk assessment system 804 can at least partially perform block 706 (FIG. 7) of determining whether to proceed with the provisioning of the account to the mobile wallet or to perform an additional verification based at least in part on the first response received from the risk determination system.

In several embodiments, verification system 805 can at least partially perform block 707 (FIG. 7) of performing the additional verification based at least in part on the response received from the risk determination system.

In a number of embodiments, provisioning system 806 can at least partially perform block 708 (FIG. 7) of performing the provisioning of the account to the mobile wallet.

In several embodiments, mobile device database 807 can information about mobile devices (e.g., mobile device 120 (FIG. 1)), such as the information generated in block 703 (FIG. 7).

In a number of embodiments, account database 808 can include account information, such as the information generated in block 702 (FIG. 7).

Turning ahead in the drawings, FIG. 9 illustrates a flow chart for a method 900. In some embodiments, method 900 can be a method of determining a risk level in provisioning an account to a mobile wallet. Method 900 is merely exemplary and is not limited to the embodiments presented herein. Method 900 can be employed in many different embodiments or examples not specifically depicted or described herein. In some embodiments, the procedures, the processes, and/or the activities of method 900 can be performed in the order presented. In other embodiments, the procedures, the processes, and/or the activities of method 900 can be performed in any suitable order. In still other embodiments, one or more of the procedures, the processes, and/or the activities of method 900 can be combined or skipped. In some embodiments, method 900 can be performed by token service provider 150 (FIG. 1).

Referring to FIG. 9, method 900 can include a block 901 of receiving a request from a provider to perform a provisioning of an account to a mobile wallet operating on a mobile device. The mobile wallet can be similar or identical to mobile wallet 121 (FIG. 1). The mobile device can be similar or identical to mobile device 120 (FIG. 1). In several embodiments, the account can be at least one of a demand deposit account, a debit card account, or a credit card account. In many embodiments, the provider can be at least one of a mobile wallet provider for the mobile wallet, a financial institution that maintains the account, or a mobile network operator that provides mobile network services for the mobile device. As an example, a user (e.g., user 110 (FIG. 1)) can attempt to provision an account (e.g., a credit card) to a mobile wallet (e.g., in a mobile device (e.g., mobile device 120 (FIG. 1)) of the user, such as by using user interface display 500 (FIG. 5). The provisioning request can be sent by the mobile wallet (e.g., 121 (FIG. 1)) from the mobile device (e.g., 120 (FIG. 1)) to the mobile wallet provider (e.g., 130 (FIG. 1)), and the mobile wallet provider can send the request to perform the provisioning, which can be received by the token service provider (e.g., 150 (FIG. 1)).

In a number of embodiments, method 900 also can include a block 902 of sending an inquiry to a risk determination system to authenticate the provisioning of the account to the mobile wallet. The risk determination system can be similar or identical to risk determination system 170 (FIG. 1). In many embodiments, the inquiry can include account information about the account and device information about the mobile device.

In many embodiments, the account information can include information about the account that the user (e.g., 110 (FIG. 1)) is attempting to provision. For example, when the user (e.g., 110 (FIG. 1)) attempts to add an account, such as a credit card to the mobile wallet (e.g., 120 (FIG. 1)), the user (e.g., 110 (FIG. 1)) can be asked to input account information, such as in the input fields (e.g., 510, 520, 530) in FIG. 5, and this account information can be sent by the mobile wallet (e.g., 121 (FIG. 1)) from the mobile device (e.g., 120 (FIG. 1)) to the mobile wallet provider (e.g., 130 (FIG. 1)). In many embodiments, mobile wallet provider (e.g., 130 (FIG. 1) can send the account information received from the mobile wallet (e.g., 121 (FIG. 1)) and/or supplemented by mobile wallet provider 130 FIG. 1)) to token service provider (e.g., 150 (FIG. 1)), and the token service provider (e.g., 150 (FIG. 1)) can receive at least some of the account information in the request received in block 901. In some embodiments, additional account information can be determined by the token service provider (e.g., 150 (FIG. 1)) using information already stored in the token service provider (e.g., 150 (FIG. 1)), based on the account information received in the request received in block 701 For example, the account information can include the primary account number (PAN); the first, middle and last name of the account owner; the street address, city, state, and ZIP code of the residence of the account owner; and/or other information of the account owner, such as email address, phone number, or other personally identifiable information (PII), such as driver's license number, birth date, birthplace, social security number, etc.

In various embodiments, the device information can include information about the mobile device (e.g., 120 (FIG. 1)) of the user (e.g., 110 (FIG. 1)), information about the mobile wallet (e.g., 121 (FIG. 1)) on the mobile device (e.g., 120 (FIG. 1)), and/or information about the provisioning request on the mobile wallet (e.g., 121 (FIG. 1)). In a number of embodiments, at least some of this information can be received by the token service provider (e.g., 150 (FIG. 1)) in block 901 from the mobile wallet provider (e.g., 130 (FIG. 1)). In many embodiments, the device information can be received by the mobile wallet provider (e.g., 130 (FIG. 1)) from the mobile device (e.g., 120 (FIG. 1)) and/or the mobile wallet (e.g., 121 (FIG. 1)). For example, the device information can include the information about the identity of the mobile wallet provider (e.g., 130 (FIG. 1)); a wallet provider identifier (ID), which can be hashed in many embodiments; a secure element ID, if the mobile device (e.g., 120 (FIG. 1)) includes a secure element (e.g., a tamper-resistant security/cryptographic chip/processing element); a device ID; a SIM (subscriber identity mobile) ID; the full phone number of the mobile device (e.g., 120 (FIG. 1)); device fingerprint (e.g., information about the operating system and software running on the mobile device (e.g., 120 (FIG. 1)), and/or unique identifiers on the mobile device (e.g., 120 (FIG. 1)), such as the MAC (media access control) address or other unique serial numbers assigned to the mobile device); the date and time (e.g., timestamp) of the provisioning request; information about the type of provisioning record/request (e.g., adding an account, changing an account, deleting an account, etc.); and/or other suitable information.

In some embodiments, the risk determination system can generate a fraud risk level by applying business rules and one or more statistical modeling techniques to at least a portion of: (a) an ownership correlation between device ownership information for the mobile device and account ownership information for the account, (b) device risk information associated with the mobile device, and (c) account risk information associated with the account.

In various embodiments, the device ownership information can include information about the actual owner of the mobile device (e.g., 120 (FIG. 1). In many embodiments, the device ownership information can be determined by the risk determination system based on at least one of: (a) at least a portion of the device information, or (b) the risk determination system querying at least one of: (i) a mobile device identifier database in the risk determination system, or (ii) a mobile network operator that provides mobile network services for the mobile device.

In several embodiments, the account ownership information can include information about the actual owner of the account. In some embodiments, the account ownership information can be determined by the risk determination system based on at least one of: (1) at least a portion of the account information, or (b) the risk determination system querying at least one of: (i) an account owner elements database in the risk determination system, or (ii) a financial institution that maintains the account.

In some embodiments, the ownership correlation can be based on a determination of whether the actual owner of the mobile device (e.g., 120 (FIG. 1)) is the same as the actual owner of the account. For example, if the actual owner of the mobile device (e.g., 120 (FIG. 1)) is the same as the actual owner of the account, there can be an ownership correlation, but if the actual owner of the mobile device (e.g., 120 (FIG. 1)) is not the same as the actual owner of the account, then there can be a lack of ownership correlation. Sometimes, the account ownership information and/or the device ownership information can involve a family plan or corporate plan for a mobile device (e.g., 120 (FIG. 1)), or authorized users for an account (e.g., a business account with authorized users), and the ownership correlation can determine whether there is a correlation between authorized individuals for the account and the mobile device (e.g., 120 (FIG. 1)). In such cases, even though the actual owner of the mobile device (e.g., 120 (FIG. 1)) is not the same as the actual owner of the account, then there can be a lack of ownership correlation, there can be an ownership correlation, based on the family plan or corporate plan for the mobile device (e.g., 120 (FIG. 1)), and/or based on the authorized users for an account (e.g., a business account with authorized users).

In many embodiments, the device risk information can include information about known risks or historical negative events that involved the mobile device (e.g., 120 (FIG. 1)). In a number of embodiments, the device risk information can be determined by the risk determination system querying one or more databases in the risk determination system that aggregate negative mobile device events.

In several embodiments, the account risk information can include information about known risks or historical negative events that involved the account and/or the account owner. In some embodiments, the account risk information can be determined by the risk determination system querying one or more databases in the risk determination system that aggregate negative account events from multiple financial institutions.

In various embodiments, the business rules can define one or more fraud risks based on at least a portion of the ownership correlation, the device risk information, and the account risk information. For example, a business rule can be that the owner (or authorized user) of the mobile device (e.g., 120 (FIG. 1)) must be the same as the owner (or authorized user) of the account. The ownership correlation can be used to determine whether this business rule is satisfied. In some embodiments, other or additional business rules can be used. The business rules can define one or more fraud risks based on at least a portion of the ownership correlation, the device risk information, and the account risk information. For example, in many embodiments, the business rules can be rules provided and/or imposed by one or more of the businesses involved with the provisioning, such as mobile wallet provider 130 (FIG. 1), mobile network operator 140 (FIG. 1), token service provider 150 (FIG. 1), and/or financial institution 160 (FIG. 1). In other embodiments, the business rules can be developed for the risk determination system (e.g., 170 (FIG. 1)), and can be based on the knowledge and experience of the owners and/or operators of the risk determination system (e.g., 170 (FIG. 1)). A further example of a business rule can be, “if the ownership of the mobile device has changed in the last 3 months, then flag the provisioning request for further investigation.” Yet another example of a business rule can “if the account ownership is less than 3 months old, then return all the negative information related to the account owner in the response.”

In some embodiments, the one or more one or more statistical modeling techniques can include logistic regression. In many embodiments, machine algorithms can identify patterns that indicate likely fraud, and use those patterns to detect when a provisioning request likely is fraudulent. For example, the machine algorithms can “learn” that, when the user (e.g., 110 (FIG. 1)) changes the home address on the account, but the home address information known to the mobile network operator (e.g., 140 (FIG. 1)) does not change, then there is an 85% chance of fraud. Accordingly, the machine algorithm can flag the provisioning request if those parameters are met. The machine algorithms can change over time as the machine “learns” more and more. In some embodiments, the machine algorithms can include statistical modeling techniques, such as logistic regression. In the same or other embodiments, the machine algorithms can include machine learning algorithms, such as clustering, neural networks, or other suitable machine learning algorithms.

In many embodiments, the business rules and/or the one or more statistical modeling techniques can use various pieces of information as inputs, such as the ownership correlation, the device risk information, the account risk information, and/or other information obtained by or determined by the risk determination system (e.g., 170 (FIG. 1)). Examples of additional information that can be used by the risk determination system (e.g., 170 (FIG. 1)) can include information about the mobile device (e.g., 120 (FIG. 1)), such as account status (active, shut-down, canceled, etc.); if the mobile device (e.g., 120 (FIG. 1)) is rooted or jailbroken; changes to the mobile device (e.g., 120 (FIG. 1)), such as a change of the mobile network operator (e.g., 140 (FIG. 1)) that is associated with the mobile device (e.g., 120 (FIG. 1)), a change of ownership, a change of SIM cards, etc.; data from the mobile device (e.g., 120 (FIG. 1)), such as device information (e.g., applications on the device, data used, device fingerprint, etc.) collected by collector software in the mobile wallet (e.g., 121 (FIG. 1)); data from the mobile network operator (e.g., 140 (FIG. 1)) about the user (e.g., 110 (FIG. 1)), such as CRM (customer relationship management data), including name, address, status of the device, if the device has been ported (i.e., the same phone number moved to a new mobile device (e.g., 120 (FIG. 1)), etc.; the device information and account information included in the inquiry; information obtained from the mobile wallet provider (e.g., 130 (FIG. 1)), the mobile network operator (e.g., 140 (FIG. 1)), the token service provider (e.g., 150 (FIG. 1)), and/or the financial institution (e.g., 160 (FIG. 1)); information available in databases (e.g., 406-409 (FIG. 4)) within the risk determination system (e.g., 170 (FIGS. 1 and 4)); and/or other suitable information.

In a number of embodiments, the business rules and/or one or more statistical modeling techniques can be applied to some, but not all of the information listed above. In other embodiments, all of the information listed above can be used as inputs to the business rules and/or one or more statistical modeling techniques. In some embodiments, the business rules and/or one or more statistical modeling techniques can be performed in a step-wise fashion on various different inputs. In one example, the business rules can be used on certain types of information and the statistical modeling techniques can be used on different types of information. In many embodiments, the inputs can be weighted in the machine algorithms, such that certain pieces of information have a greater effect on the output than other pieces of information. In some embodiments, the risk determination performed by the risk determination system (e.g., 170 (FIG. 1)) can depend on who the provider is and at what point of the provisioning process the provider sends the inquiry to the risk determination system (e.g., 170 (FIG. 1)).

In several embodiments, the business rules and/or one or more statistical modeling techniques can generate as output one or more pieces of information, which can, in some embodiments, include a fraud risk level. In many embodiments, the fraud risk level can be represented by a risk score, such as numeric score, an alphabetical score, a color score (e.g., green for low risk, yellow for medium risk, or red for high risk), or another suitable type of score. In some embodiments, a low fraud risk level can indicate that no negative or suspicious events were associated with the account, the mobile device (e.g., 120 (FIG. 1)), and/or the provisioning request. In several embodiments, a medium fraud risk level can indicate that there are some negative or suspicious events that were associated with the account, the mobile device (e.g., 120 (FIG. 1)), and/or the provisioning request. In many embodiments, a high risk level can indicate that there are major risks associated with the account, the mobile device (e.g., 120 (FIG. 1)), and/or the provisioning request, such as a credit card being compromised, an account having negative history, or a phone number of the mobile device (e.g., 120 (FIG. 1)) that does not match the phone number associated with the account.

In some embodiments, the outputs of the business rules and/or one or more statistical modeling techniques can include additional information to explain the reason for the risk score, such as factors that were relevant to generating the risk score, raw data that was relevant in generating the risk score, the results of execution of one or more business rules that resulted in the risk score, the results of the machine algorithm that resulted in the risk score, or other information that resulted in the risk score, such as an identification of the portions of the device ownership information that were relevant to determining the risk score, the account ownership information, the device risk information, the account risk information, and/or the ownership correlation.

In some embodiments, the risk determination system (e.g., 170 (FIG. 1)), in generating the fraud risk level, can perform an out-of-band verification based on the fraud risk level. In some embodiments, the out-of-band verification can be performed only if the fraud risk level is medium risk. In other embodiments, the out-of-band verification can be performed if the fraud risk level is medium or high risk. In many embodiments, the out-of-band verification can involve contacting the user (e.g., 110) through a different channel of communication than the channel through which the provisioning request was initiated. For example, the user (e.g., 110) can be contacted by phone, email, text message, or another suitable method using contact information previously stored for the user at one or more of the mobile wallet provider (e.g., 130 (FIG. 1)), the mobile network operator (e.g., 140 (FIG. 1)), the token service provider (e.g., 150 (FIG. 1)), the financial institution (e.g., 160 (FIG. 1)), and/or the risk determination system (e.g., 170 (FIG. 1)) to determine that the user (e.g., 110) that initiated the provisioning request is the same person as the user is purported to be in the provisioning request.

In a number of embodiments, the risk determination system (e.g., 170 (FIG. 1)), in generating the fraud risk level, after performing the out-of-band verification, can update the fraud risk level based on the out-of-band verification. For example, if the out-of-band verification determines that the user is legitimate (e.g., not likely a fraudster), the fraud risk level can be updated to be lowered to low risk. If the out-of-band verification determines that the user is not legitimate, the fraud risk level can be updated to be raised to high risk.

In several embodiments, method 900 additionally can include a block 903 of receiving from the risk determination system a response based on the fraud risk level. In many embodiments, the first response can be received directly from the risk determination system. In other embodiments, the first response can be received from the risk determination system through at least one of the financial institution that maintains the account or the mobile network operator that provides mobile network services for the mobile device. In many embodiments, the response can include a risk score, as explained above, and in some embodiments, can include one or more factors that indicate reasons for the risk score.

In a number of embodiments, method 900 further can include a block 904 of determining whether to proceed with the provisioning of the account to the mobile wallet based at least in part on the response received from the risk determination system. In many embodiments, if the fraud risk level is low, the determination can be made to proceed with the provisioning of the account to the mobile wallet; if the fraud risk level is medium, the determination can be made to proceed with performing the additional verification; and if the fraud risk level is high, the determination can be made to block the provisioning request. In some embodiments, the determination cab be made to perform the additional verification after receiving a certain type of response, such as a medium fraud risk level response, such as if the out-of-band verification was not performed by the risk determination system (e.g., 170 (FIG. 1)).

In several embodiments, method 900 additionally can include a block 905 of providing a token to the provider in response to the request to perform the provisioning of the account to the mobile wallet when the fraud risk level is below a predetermined threshold. For example, the provisioning can proceed if the fraud risk level is determined to be low and below the predetermined threshold of medium risk. In other embodiments, other suitable predetermined thresholds can be used. In several embodiments, when the fraud risk level is below a predetermined threshold, the token can be generated, such as by using conventional methods. In various embodiments, the token can be linked to the account within the token service provider (e.g., 150 (FIG. 1)), as described above.

In many embodiments, the provider can send to the mobile device information about the provisioning of the account to the mobile wallet, and the mobile wallet can update a user interface display on the mobile device based on the information about the provisioning of the account to the mobile wallet. The user interface display on the mobile device can be similar or identical to user interface display 600 (FIG. 6). For example, the provider can send information about the outcome of the provisioning request, and the mobile wallet can display the outcome of the provisioning attempt in user interface display 600 (FIG. 6), such as whether or not the provisioning request was successful. In many embodiments, such as in certain cases when the provisioning request was successful, the mobile wallet can receive one or more tokens that are linked to the account, which the mobile wallet can then use in one or more transactions using the account in the mobile wallet.

Turning ahead in the drawings, FIG. 10 illustrates a block diagram of token service provider 150 that can be employed for facilitating a risk determination as part of provisioning an account to a mobile wallet (e.g., 121 (FIG. 1)), according to an embodiment. Token service provider 150 is merely exemplary, and embodiments of the token service provider are not limited to the embodiments presented herein. The token service provider can be employed in many different embodiments or examples not specifically depicted or described herein. In some embodiments, certain elements or modules of token service provider 150, as shown in FIG. 10, can perform various procedures, processes, and/or activities. In other embodiments, the procedures, processes, and/or activities can be performed by other suitable elements or modules of token service provider 150.

In several embodiments, token service provider 150 can include a communication system 1001, a risk assessment system 1002, a token management system 1003, and/or a token database 1004.

In many embodiments, communication system 1001 can at least partially perform block 901 (FIG. 9) of receiving a request from a provider to perform a provisioning of an account to a mobile wallet operating on a mobile device, block 902 (FIG. 9) of sending an inquiry to a risk determination system to authenticate the provisioning of the account to the mobile wallet, block 903 (FIG. 9) of receiving from the risk determination system a response based on the fraud risk level, and/or block 905 (FIG. 9) of providing a token to the provider in response to the request to perform the provisioning of the account to the mobile wallet when the fraud risk level is below a predetermined threshold.

In a number of embodiments, risk assessment system 1002 can at least partially perform block 904 (FIG. 9) of determining whether to proceed with the provisioning of the account to the mobile wallet based at least in part on the response received from the risk determination system.

In several embodiments, token management system 1003 can at least partially perform block 905 (FIG. 9) of providing a token to the provider in response to the request to perform the provisioning of the account to the mobile wallet when the fraud risk level is below a predetermined threshold.

In a number of embodiments, token database 1004 can store the tokens generated and/or provided by token service provider 150, which can be used by token management system 1003.

Turning ahead in the drawings, FIG. 11 illustrates a computer system 1100, all of which or a portion of which can be suitable for implementing an embodiment of at least a portion of mobile device 120 (FIG. 1), mobile wallet provider 130 (FIGS. 1 and 8), mobile network operator 140 (FIG. 1), token service provider 150 (FIGS. 1 and 10), financial institution 160 (FIG. 1), risk determination system 170 (FIGS. 1 and 4), method 200 (FIG. 2), block 202 (FIG. 3), method 700 (FIG. 7), and/or method 900 (FIG. 9). Computer system 1100 includes a chassis 1102 containing one or more circuit boards (not shown), a USB (universal serial bus) port 1112, a Compact Disc Read-Only Memory (CD-ROM) and/or Digital Video Disc (DVD) drive 1116, and a hard drive 1114. A representative block diagram of the elements included on the circuit boards inside chassis 1102 is shown in FIG. 12. A central processing unit (CPU) 1210 in FIG. 12 is coupled to a system bus 1214 in FIG. 12. In various embodiments, the architecture of CPU 1210 can be compliant with any of a variety of commercially distributed architecture families.

Continuing with FIG. 12, system bus 1214 also is coupled to memory 1208 that includes both read only memory (ROM) and random access memory (RAM). Non-volatile portions of memory storage unit 1208 or the ROM can be encoded with a boot code sequence suitable for restoring computer system 1100 (FIG. 11) to a functional state after a system reset. In addition, memory 1208 can include microcode such as a Basic Input-Output System (BIOS). In some examples, the one or more memory storage units of the various embodiments disclosed herein can comprise memory storage unit 1208, a USB-equipped electronic device, such as, an external memory storage unit (not shown) coupled to universal serial bus (USB) port 1112 (FIGS. 11-12), hard drive 1114 (FIGS. 11-12), and/or CD-ROM or DVD drive 1116 (FIGS. 11-12). In the same or different examples, the one or more memory storage units of the various embodiments disclosed herein can comprise an operating system, which can be a software program that manages the hardware and software resources of a computer and/or a computer network. The operating system can perform basic tasks such as, for example, controlling and allocating memory, prioritizing the processing of instructions, controlling input and output devices, facilitating networking, and managing files. Some examples of common operating systems can comprise Microsoft® Windows® operating system (OS), Mac® OS, UNIX® OS, and Linux® OS.

As used herein, “processor” and/or “processing module” means any type of computational circuit, such as but not limited to a microprocessor, a microcontroller, a controller, a complex instruction set computing (CISC) microprocessor, a reduced instruction set computing (RISC) microprocessor, a very long instruction word (VLIW) microprocessor, a graphics processor, a digital signal processor, or any other type of processor or processing circuit capable of performing the desired functions. In some examples, the one or more processors of the various embodiments disclosed herein can comprise CPU 1210.

In the depicted embodiment of FIG. 12, various I/O devices such as a disk controller 1204, a graphics adapter 1224, a video controller 1202, a keyboard adapter 1226, a mouse adapter 1206, a network adapter 1220, and other I/O devices 1222 can be coupled to system bus 1214. Keyboard adapter 1226 and mouse adapter 1206 are coupled to a keyboard 1104 (FIGS. 11 and 12) and a mouse 1110 (FIGS. 11 and 12), respectively, of computer system 1100 (FIG. 11). While graphics adapter 1224 and video controller 1202 are indicated as distinct units in FIG. 12, video controller 1202 can be integrated into graphics adapter 1224, or vice versa in other embodiments. Video controller 1202 is suitable for refreshing a monitor 1106 (FIGS. 11 and 12) to display images on a screen 1108 (FIG. 11) of computer system 1100 (FIG. 11). Disk controller 1204 can control hard drive 1114 (FIGS. 11 and 12), USB port 1112 (FIGS. 11 and 12), and CD-ROM or DVD drive 1116 (FIGS. 11 and 12). In other embodiments, distinct units can be used to control each of these devices separately.

In some embodiments, network adapter 1220 can comprise and/or be implemented as a WNIC (wireless network interface controller) card (not shown) plugged or coupled to an expansion port (not shown) in computer system 1100 (FIG. 11). In other embodiments, the WNIC card can be a wireless network card built into computer system 1100 (FIG. 11). A wireless network adapter can be built into computer system 1100 (FIG. 11) by having wireless communication capabilities integrated into the motherboard chipset (not shown), or implemented via one or more dedicated wireless communication chips (not shown), connected through a PCI (peripheral component interconnector) or a PCI express bus of computer system 1100 (FIG. 11) or USB port 1112 (FIG. 11). In other embodiments, network adapter 1220 can comprise and/or be implemented as a wired network interface controller card (not shown).

Although many other components of computer system 1100 (FIG. 11) are not shown, such components and their interconnection are well known to those of ordinary skill in the art. Accordingly, further details concerning the construction and composition of computer system 1100 and the circuit boards inside chassis 1102 (FIG. 11) need not be discussed herein.

When computer system 1100 in FIG. 1 is running, program instructions stored on a USB-equipped electronic device connected to USB port 1112, on a CD-ROM or DVD in CD-ROM and/or DVD drive 1116, on hard drive 1114, or in memory storage unit 1208 (FIG. 2) are executed by CPU 1210 (FIG. 2). A portion of the program instructions, stored on these devices, can be suitable for carrying out all or at least part of the techniques described herein. In various embodiments, computer system 1100 can be reprogrammed with one or more modules, system, applications, and/or databases, such as those described herein, to convert a general purpose computer to a special purpose computer. For purposes of illustration, programs and other executable program components are shown herein as discrete systems, although it is understood that such programs and components may reside at various times in different storage components of computing system 1100, and can be executed by CPU 1210. Alternatively, or in addition to, the systems and procedures described herein can be implemented in hardware, or a combination of hardware, software, and/or firmware. For example, one or more application specific integrated circuits (ASICs) can be programmed to carry out one or more of the systems and procedures described herein. For example, one or more of the programs and/or executable program components described herein can be implemented in one or more ASICs.

Although computer system 1100 is illustrated as a desktop computer in FIG. 11, there can be examples where computer system 1100 may take a different form factor while still having functional elements similar to those described for computer system 1100. In some embodiments, computer system 1100 may comprise a single computer, a single server, or a cluster or collection of computers or servers, or a cloud of computers or servers. Typically, a cluster or collection of servers can be used when the demand on computer system 1100 exceeds the reasonable capability of a single server or computer. In certain embodiments, computer system 1100 may comprise a portable computer, such as a laptop computer. In certain other embodiments, computer system 1100 may comprise a mobile device, such as a smartphone. In certain additional embodiments, computer system 1100 may comprise an embedded system.

Although authentication and fraud prevention in provisioning a mobile wallet has been described with reference to specific embodiments, it will be understood by those skilled in the art that various changes may be made without departing from the spirit or scope of the disclosure. Accordingly, the disclosure of embodiments is intended to be illustrative of the scope of the disclosure and is not intended to be limiting. It is intended that the scope of the disclosure shall be limited only to the extent required by the appended claims. For example, to one of ordinary skill in the art, it will be readily apparent that any element of FIGS. 1-12 may be modified, and that the foregoing discussion of certain of these embodiments does not necessarily represent a complete description of all possible embodiments. For example, one or more of the procedures, processes, or activities of FIGS. 2-3, 7, and 9 may include different procedures, processes, and/or activities and be performed by many different modules, in many different orders. As another example, one or more of the procedures, processes, or activities of FIGS. 2-3, 7, and 9 may include one or more of the procedures, processes, or activities of another different one of FIGS. 2-3, 7, and 9. As yet another example, the systems within risk determination system 170 shown in FIG. 4, the systems within mobile wallet provider 130 shown in FIG. 8, and the systems within token service provider 150 shown in FIG. 10 can be interchanged in any suitable manner or otherwise modified.

Replacement of one or more claimed elements constitutes reconstruction and not repair. Additionally, benefits, other advantages, and solutions to problems have been described with regard to specific embodiments. The benefits, advantages, solutions to problems, and any element or elements that may cause any benefit, advantage, or solution to occur or become more pronounced, however, are not to be construed as critical, required, or essential features or elements of any or all of the claims, unless such benefits, advantages, solutions, or elements are stated in such claim.

Moreover, embodiments and limitations disclosed herein are not dedicated to the public under the doctrine of dedication if the embodiments and/or limitations: (1) are not expressly claimed in the claims; and (2) are or are potentially equivalents of express elements and/or limitations in the claims under the doctrine of equivalents. 

What is claimed is:
 1. A system comprising: one or more processors in data communication through a network with a provider; and one or more non-transitory computer-readable media storing computing instructions configured to run on the one or more processors and perform: receiving an inquiry from the provider to authenticate a provisioning of an account to a mobile wallet, the inquiry comprising: account information about the account, and device information about a mobile device that operates the mobile wallet; determining device ownership information for the mobile device, account ownership information for the account, device risk information associated with the mobile device, and account risk information associated with the account; determining an ownership correlation between the device ownership information and the account ownership information; generating a fraud risk level by applying business rules and one or more statistical modeling techniques to at least a portion of the ownership correlation, the device risk information, and the account risk information, wherein the business rules define one or more fraud risks based on at least a portion of the ownership correlation, the device risk information, and the account risk information; and providing a response to the provider based on the fraud risk level, such that the provider sends to the mobile device information about the provisioning of the account to the mobile wallet, and such that the mobile wallet updates a user interface display on the mobile device based on the information about the provisioning of the account to the mobile wallet.
 2. The system of claim 1, wherein determining the device ownership information comprises at least one of: determining the device ownership information using at least a portion of the device information; or querying at least one of a mobile device identifier database or a mobile network operator that provides mobile network services for the mobile device to determine the device ownership information.
 3. The system of claim 1, wherein determining the account ownership information comprises at least one of: determining the account ownership information using at least a portion of the account information; or querying at least one of an account owner elements database or a financial institution that maintains the account to determine the account ownership information.
 4. The system of claim 1, wherein determining the device risk information comprises: querying one or more databases that aggregate negative mobile device events.
 5. The system of claim 1, wherein determining the account risk information comprises: querying one or more databases that aggregate negative account events from multiple financial institutions.
 6. The system of claim 1, wherein the computing instructions are further configured to perform: performing an out-of-band verification based on the fraud risk level; and updating the fraud risk level based on the out-of-band verification.
 7. The system of claim 1, wherein the one or more one or more statistical modeling techniques comprise logistic regression.
 8. The system of claim 1, wherein the provider is at least one of a mobile wallet provider for the mobile wallet, a financial institution that maintains the account, a token service provider that provides tokenization services for the mobile wallet provider, or a mobile network operator that provides mobile network services for the mobile device.
 9. The system of claim 1, wherein the account is at least one of a demand deposit account, a debit card account, or a credit card account.
 10. The system of claim 1 wherein the response comprises a risk score and one or more factors for the risk score.
 11. A method being implemented via execution of computer instructions configured to run at one or more processors and configured to be stored at one or more non-computer-readable media, the method comprising: receiving an inquiry from a provider to authenticate a provisioning of an account to a mobile wallet, the inquiry comprising: account information about the account, and device information about a mobile device that operates the mobile wallet; determining device ownership information for the mobile device, account ownership information for the account, device risk information associated with the mobile device, and account risk information associated with the account; determining an ownership correlation between the device ownership information and the account ownership information; generating a fraud risk level by applying business rules and one or more statistical modeling techniques to at least a portion of the ownership correlation, the device risk information, and the account risk information, wherein the business rules define one or more fraud risks based on at least a portion of the ownership correlation, the device risk information, and the account risk information; and providing a response to the provider based on the fraud risk level, such that the provider sends to the mobile device information about the provisioning of the account to the mobile wallet, and such that the mobile wallet updates a user interface display on the mobile device based on the information about the provisioning of the account to the mobile wallet.
 12. The method of claim 11, wherein determining the device ownership information comprises at least one of: determining the device ownership information using at least a portion of the device information; or querying at least one of a mobile device identifier database or a mobile network operator that provides mobile network services for the mobile device to determine the device ownership information.
 13. The method of claim 11, wherein determining the account ownership information comprises at least one of: determining the account ownership information using at least a portion of the account information; or querying at least one of an account owner elements database or a financial institution that maintains the account to determine the account ownership information.
 14. The method of claim 11, wherein determining the device risk information comprises: querying one or more databases that aggregate negative mobile device events.
 15. The method of claim 11, wherein determining the account risk information comprises: querying one or more databases that aggregate negative account events from multiple financial institutions.
 16. The method of claim 11 further comprising: performing an out-of-band verification based on the fraud risk level; and updating the fraud risk level based on the out-of-band verification.
 17. The method of claim 11, wherein the one or more one or more statistical modeling techniques comprise logistic regression.
 18. The method of claim 11, wherein the provider is at least one of a mobile wallet provider for the mobile wallet, a financial institution that maintains the account, a token service provider that provides tokenization services for the mobile wallet provider, or a mobile network operator that provides mobile network services for the mobile device.
 19. The method of claim 11, wherein the account is at least one of a demand deposit account, a debit card account, or a credit card account.
 20. The method of claim 11, wherein the response comprises a risk score and one or more factors for the risk score. 